sblanken

asked on

HP switch port auth and HP IDM and IAS tutorial needed

Hi Experts,

I have an HP 5421zl switch with K.13.09 firmware. And I have HP ProCurve 2.3 + IDM 2.3 (Identity Driven Manager). And I have IAS/RADIUS on a Windows 2003 R2 SP2 server.

I need a tutorial (for dummies ;)) of how to set up the above components to communicate with each other.

This is what I got so far

On Switch
1. I enabled aaa auth port-based
2. I created a RADIUS server along with the shared secret with the IAS server IP
3. I enabled Port-Access on ChapRadius
4. I cannot see any error message on the event log so it looks to me that the switch reaches the RADIUS server
5. I have 3 VLANs enabled on the switch, and w/o aaa enabled, all looks good

On IAS server
1. I created a RADIUS client with the switch IP and the shared secret
2. I created a policy for Ethernet, with the NAS-Port-type matches Ethernet with EAP as MD5-Challenge, and no other Authentication method
3. I have nothing in the Advanced attributes
4. For this policy I granted access
5. For Connection Request policy I have a policy that allows access at any time, 24 hrs

On the Procurve/IDM server

1. I installed Procurve 2.3 and IDM 2.3
2. I enabled RADIUS and I know IDM and IAS talk to each other; I can see in the IAS server some events that allow the Administrator user to log in based on the Admin policy that I enabled in IAS (separate from the policy for Ethernet)
3. The only policy enabled in IDM is all access to all.

My problem is this
1. When I enabled Port-Auth on the switch, my connections died
2. I cannot see anything in IAS that says allow or granted, so I don't know what I'm doing wrong
3. I read a lot of documentation, I found some Cisco tutorials, and there is a lot of specific documentation, but I can't seem to get the idea of how to make these pieces work together in my case.

What I need is a tutorial/example for dummies that shows how to setup IAS, IDM and HP

Let me know if you need more info

Thanks for your help!
sblanken

ASKER

I found some links that helped

For IAS wired deployment

http://technet.microsoft.com/en-us/network/bb643123.aspx

For HP VLAN auth, how to actually set up 802.1x on Windows Active Directory, Linux, SteelBelted RADIUS, Windows 2000/XP clients, ProCurve 520 and 420 Wireless Access Points and the 5300XL High Performance LAN switch.

http://www.cadinc.com/news/events/downloads/ncet/whitepaper_802.1x_jimmyray.pdf

They helped me so I put them here in case someone else needs a shortcut to knowledge ;)

Let's keep this open for a while, and I'll add more links if needed or if I find something else useful.
ASKER CERTIFIED SOLUTION
EE_AutoDeleter
