Just wanted to share my config for the Aruba HPE 2930M switch I'm testing. All
appears to be working for my needs. I ended up defining my switch in
Packetfence as a "HP::Procurve_2920" in order for it to work properly. In
addition, it must use SNMP as deauth method.
#Radius/SNMP Config#
radius-server host <packetfence IP> dyn-authorization
radius-server host <packetfence IP> key <secret key>
aaa server-group radius "packetfence" host <packetfence ip>
aaa accounting network start-stop radius server-group "packetfence"
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
ip source-interface radius vlan <management vlan>
snmpv3 user <packetfence user>
snmpv3 group managerpriv user <packetfence user> sec-model ver3
snmpv3 enable
snmpv3 only
snmpv3 restricted-access
#Port Config#
aaa port-access authenticator active
aaa port-access authenticator <port#>
aaa port-access authenticator <port#> client-limit <max dot1x clients on port>
aaa port-access mac-based <port#>
aaa port-access mac-based <port#> addr-moves
aaa port-access mac-based <port#> reauth-period 14400
aaa port-access mac-based <port#> addr-limit <max mab clients on port>
aaa port-access <port#> controlled-direction in
#show run interface#
interface 1/1
tagged vlan <voip vlan>
untagged vlan <mac detection vlan>
lldp enable-notification
lldp config dot1TlvEnable vlan-name
aaa port-access authenticator
aaa port-access authenticator client-limit 5
aaa port-access mac-based
aaa port-access mac-based addr-limit 5
aaa port-access mac-based addr-moves
aaa port-access mac-based reauth-period 14400
aaa port-access controlled-direction in
spanning-tree admin-edge-port
spanning-tree loop-guard bpdu-protection
exit
Jeremy Plumley
ITS Network Administrator
Ext 50024
E-Mail correspondence to and from this address may be subject to the North
Carolina Public Records Law and shall be disclosed to third parties when
required by the statutes (G.S. 132-1.)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
