This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HP ProCurve 802.1x Session Timeout - Idle Timeout via RADIUS Attribute possible ?

HP ProCurve 802.1x Session Timeout - Idle Timeout via RADIUS Attribute possible ?

M_Nees
Contributor III

‎05-18-2017 07:31 AM

On a current project we use HP2920 Switches with Extreme Management and Control.

For avoid problems with printers we use "aaa port-access authenticator X/X logoff-period xxxxx"

For VoIP Phones we use a triggered Re-Authentication with "aaa port-access authenticator X/X reauth-period XXXXX"

Because this commanda are port related and not as i prefer device or mac related i want to switch over to apply these Timer values via Standard RADIUS Attributes during Authentication process (as i do that with EXOS / EOS sswitches).

Is this working ? I do not see anywhere the information if this is possible NOR the negativ information that this is not working.
During tests it seem the HP does not understand these Attributes. Are there maybe special HP VSA ?

These link is a good information source but does not explain my question:
https://wiki.freeradius.org/vendor/HP

Anyone how try this successfully before ?

Regards

0 Kudos
3 REPLIES 3

M_Nees
Contributor III

‎07-10-2017 06:55 PM

After 2 months HP Support have an answer:
I have been able to successfully change the Session-Timeout(27) value on the switch by sending a value (greater than 60sec) in the radius Accept-Accept message together with the Termination-Action (set to “1”), and the switch does take this new value into account.

However when sending the Idle-Timeout, the switch doesn’t react to the new value. The Lab confirmed that this one cannot be changed. Changing the Idle-Timeout value is not supported. Unfortunately, there are no HPE specific Attributes (VSA) available which would do the same.

I am glad for this help - but waiting 2 months for that answer is not what i am accustomed by Extreme GTAC ;-)))

Hope this helps any other guy who working with Extreme NAC and 3rd Party switches.

Regards

0 Kudos

Drew_C
Valued Contributor III
In response to M_Nees

‎07-10-2017 06:55 PM

Sorry the community let you down on this one, Matthias. Glad you found an answer though!
0 Kudos

M_Nees
Contributor III

‎05-24-2017 09:40 AM

Nobody out there who has ever try that ?
0 Kudos
GTM-P2G8KFN