Sending QoS, Rate Limit and IP ACL to HPE Aruba switches from freeradius server

With 802.1X authentication you can easily assign a VLAN to an authenticated user, but pushing QoS, IP ACL or rate-limit settings to the supplicant's port is much harder if you try to do it in the switch configuration.

Instead, QoS, IP ACL and rate-limit settings can be delivered per session in the RADIUS Access-Accept using the HP vendor-specific attributes (VSAs), which removes the need to configure QoS, rate limiting or IP ACLs port by port on the switches. The HP-Egress-VLANID attribute must be written as an integer. It is a 32-bit value built from a type byte, 12 zero bits of padding and a 12-bit VLAN ID, all in hex, and then converted to decimal for the FreeRADIUS configuration:

for tagged frames  : 0x31 | 000 | <VLANID>    (VLAN ID as three hex digits)

for untagged frames: 0x32 | 000 | <VLANID>


In the following example the supplicant is assigned to VLAN 200 (0xc8) with untagged frames:

0x320000c8 = 838861000 (decimal, which is the value you put in the FreeRADIUS configuration)


The attributes are added in the post-auth section of the inner tunnel virtual server, because with PEAP or EAP-TTLS that is where the user is actually authenticated:

 raddb/sites-enabled/inner-tunnel

Note that reply attributes set in the inner tunnel only reach the switch if they are copied to the outer Access-Accept; in FreeRADIUS 3.0.x this requires use_tunneled_reply = yes in the peap and ttls sections of raddb/mods-available/eap.


post-auth {
    update reply {
        # VLAN 200, untagged (0x320000c8 written as decimal)
        HP-Egress-VLANID = 838861000
        # += appends each rule; a second plain "=" on the same attribute would be ignored
        HP-Nas-filter-Rule += "permit in icmp from any to 10.10.10.10/32"
        HP-Nas-filter-Rule += "deny in ip from any to any"
        # 802.1p priority 4 for the client's traffic
        HP-COS = "44444444"
        # rate limits in kbit/s
        HP-Bandwidth-Max-Ingress = 40000
        HP-Bandwidth-Max-Egress = 40000
    }
}

The block must use unlang's update reply syntax (not update-reply) and straight double quotes around the string values, otherwise FreeRADIUS will refuse to start or send the attributes with the wrong content. The ACL rules are evaluated in order, so the explicit deny goes last.
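The following is an added example, not code from the original post or from FreeRADIUS. It implements the HP-Egress-VLANID encoding described above (type byte 0x31 for tagged or 0x32 for untagged, twelve zero bits, then a 12-bit VLAN ID), the inverse decoding with sanity checks, and a small generator that renders the whole update reply block for the post-auth section, so the decimal value and the += operators are never typed by hand. Attribute names are those of the FreeRADIUS dictionary.hp; the range checks (VLAN 1-4094, HP-COS as eight digits 0-7, positive bandwidth in kbit/s) are my assumptions rather than anything the post states.

```python
# Added example: build the HP/Aruba RADIUS reply attributes as a FreeRADIUS
# "update reply" block.  Not part of the original post.

TAGGED = 0x31    # type byte for tagged egress
UNTAGGED = 0x32  # type byte for untagged egress


def encode_egress_vlan(vlan_id: int, tagged: bool = False) -> int:
    """Return the decimal HP-Egress-VLANID value for a VLAN ID."""
    if not 1 <= vlan_id <= 4094:          # assumed: valid 802.1Q VLAN range
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    prefix = TAGGED if tagged else UNTAGGED
    # <type byte><12 zero bits><12-bit VLAN ID>, e.g. 0x320000c8 for VLAN 200 untagged
    return (prefix << 24) | vlan_id


def decode_egress_vlan(value: int) -> tuple:
    """Inverse of encode_egress_vlan: (vlan_id, tagged). Rejects malformed values."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("HP-Egress-VLANID must fit in 32 bits")
    prefix = value >> 24
    if prefix not in (TAGGED, UNTAGGED):
        raise ValueError(f"unknown egress type byte 0x{prefix:02x}")
    if (value >> 12) & 0xFFF:
        raise ValueError("padding bits between type byte and VLAN ID are not zero")
    vlan_id = value & 0xFFF
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return vlan_id, prefix == TAGGED


def reply_block(vlan_id, tagged=False, acl_rules=(), cos=None,
                max_ingress_kbps=None, max_egress_kbps=None) -> str:
    """Render an unlang 'update reply { ... }' block for the post-auth section."""
    lines = [f"    HP-Egress-VLANID = {encode_egress_vlan(vlan_id, tagged)}"]
    for rule in acl_rules:
        # keep the rule a single quoted unlang string
        if '"' in rule or "\n" in rule:
            raise ValueError(f"ACL rule contains a quote or newline: {rule!r}")
        # '+=' appends; a second plain '=' on the same attribute would be ignored
        lines.append(f'    HP-Nas-filter-Rule += "{rule}"')
    if cos is not None:
        # assumed format: eight 802.1p priority digits, each 0-7
        if len(cos) != 8 or any(c not in "01234567" for c in cos):
            raise ValueError("HP-COS must be eight digits in the range 0-7")
        lines.append(f'    HP-COS = "{cos}"')
    for name, kbps in (("HP-Bandwidth-Max-Ingress", max_ingress_kbps),
                       ("HP-Bandwidth-Max-Egress", max_egress_kbps)):
        if kbps is not None:
            if int(kbps) <= 0:
                raise ValueError(f"{name} must be a positive number of kbit/s")
            lines.append(f"    {name} = {int(kbps)}")
    return "update reply {\n" + "\n".join(lines) + "\n}"


if __name__ == "__main__":
    # reproduces the block shown in the post
    print(reply_block(200,
                      acl_rules=["permit in icmp from any to 10.10.10.10/32",
                                 "deny in ip from any to any"],
                      cos="44444444",
                      max_ingress_kbps=40000, max_egress_kbps=40000))
```

Running the script prints the update reply block for VLAN 200 untagged; paste its output inside post-auth in the inner tunnel virtual server. decode_egress_vlan is handy for checking a value seen in a packet capture or in radiusd -X output, since it refuses values with a wrong type byte or non-zero padding, which is exactly what a miscalculated decimal produces.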
