Implementing BYOD-redirect configuration examples

The following examples show how to implement BYOD-redirect for both wired and wireless solutions.

BYOD configuration on a distribution switch

To facilitate the BYOD-redirect function, complete the following tasks on the distribution switch:

  1. Configure a DNS server so that the FQDN in the web-server URL resolves: ip dns server-address priority 1 <DNS-server-IP>.
    NOTE: The argument to the URL can be an FQDN or IP address. If you use the IP address as an argument, this step is not necessary.

  2. Configure BYOD web-server URL: portal web-server "byod" url http://imc.com:8080/byod.

  3. Enable BYOD-redirect on a VLAN: vlan 101 portal web-server "byod".

  4. Configure BYOD-redirect free-rules on the on-boarding VLAN 101 to permit client DNS and DHCP traffic to pass to and from the DNS and DHCP servers, using the following commands.
    To permit DNS traffic to/from a DNS server to a client through on-boarding VLAN:
    1. portal free-rule 1 vlan 101 source any udp 0 destination any udp 53

    2. portal free-rule 2 vlan 101 source any udp 53 destination any udp 0

    To permit DHCP traffic to/from DHCP server to client through on-boarding VLAN:
    1. portal free-rule 3 vlan 101 source any udp 68 destination any udp 67

    2. portal free-rule 4 vlan 101 source any udp 67 destination any udp 68

  5. Register the device in IMC on the on-boarding VLAN. When registration is successful, client traffic is placed into different VLAN (guest/corporate) configurations.
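
The prerequisites in steps 1 to 4 depend on each other, and they can be checked mechanically before clients are placed on the on-boarding VLAN. The following Python check is an added example, not HPE code. It assumes the configuration is supplied as command lines in the form shown above; `audit_byod`, `host_is_ip` and the sample DNS address are hypothetical names and values.

```python
import ipaddress
import re
from urllib.parse import urlparse

# (source UDP port, destination UDP port) pairs the free-rules must cover.
REQUIRED_FLOWS = {("0", "53"): "DNS client to server",
                  ("53", "0"): "DNS server to client",
                  ("68", "67"): "DHCP client to server",
                  ("67", "68"): "DHCP server to client"}
SERVER_RE = re.compile(r'^portal web-server "([^"]+)" url (\S+)$')
BIND_RE = re.compile(r'^vlan (\d+) portal web-server "([^"]+)"$')
RULE_RE = re.compile(r"^portal free-rule \d+ vlan (\d+) source any udp (\d+) "
                     r"destination any udp (\d+)$")

# Constructed sample: the commands from the steps above; the DNS address is a placeholder.
SAMPLE = """\
ip dns server-address priority 1 192.0.2.53
portal web-server "byod" url http://imc.com:8080/byod
vlan 101 portal web-server "byod"
portal free-rule 1 vlan 101 source any udp 0 destination any udp 53
portal free-rule 2 vlan 101 source any udp 53 destination any udp 0
portal free-rule 3 vlan 101 source any udp 68 destination any udp 67
portal free-rule 4 vlan 101 source any udp 67 destination any udp 68
"""

def host_is_ip(url):  # an IP-literal host needs no DNS lookup (see the NOTE in step 1)
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def audit_byod(config_text, vlan):
    """Return a list of problems with the BYOD-redirect setup on `vlan`."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    servers = dict(m.groups() for m in map(SERVER_RE.match, lines) if m)
    binds = dict(m.groups() for m in map(BIND_RE.match, lines) if m)
    flows = {m.groups()[1:] for m in map(RULE_RE.match, lines)
             if m and m.group(1) == vlan}
    has_dns = any(l.startswith("ip dns server-address ") for l in lines)
    problems = [f"missing free-rule: {why}"
                for flow, why in REQUIRED_FLOWS.items() if flow not in flows]
    name = binds.get(vlan)
    if name is None:
        problems.append(f"vlan {vlan}: no portal web-server bound")
    elif name not in servers:
        problems.append(f'web-server "{name}" is bound but has no URL')
    elif not host_is_ip(servers[name]) and not has_dns:
        problems.append("URL uses an FQDN but no DNS server is configured")
    return problems
```

An empty list means the on-boarding VLAN has a bound web-server with a resolvable URL and free-rules for both directions of DNS and DHCP.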

Client authentication configuration on edge switch

Enable MAC authentication on edge switch ports 1-2 using the following commands:

    # enable MAC authentication on ports 1-2
    aaa port-access mac-based 1-2
    # limit the number of clients on port 1 and port 2
    aaa port-access mac-based 1 addr-limit 32
    aaa port-access mac-based 2 addr-limit 32
    # accept RADIUS dynamic authorization requests from the server
    radius-server host <radius ip> dyn-authorization
    # time-window 0: no time limit is applied to dynamic authorization requests
    radius-server host <radius ip> time-window 0

Wired and wireless components configured in a network topology

Access Type: Wired Access
Edge Switch: Edge switch (for example 2530)
Distribution Switch: 5400 switch
Configuration Procedure:

  1. Register the edge switch in HPE IMC.

  2. Create the configuration on the edge switch.

  3. Create the configuration on 5400 switch.

Access Type: Wireless Access
Configuration Procedure:

  1. Make the HPE MSM controller reachable by IMC.

  2. Ensure that access points (HPE 422) are managed by the MSM controller.

  3. Configure MAC or 802.1X authentication on the MSM controller.

  4. Create the configuration on the 5400 switch.

Wired clients solution

Access Type: Wired Access
Edge Switch: Edge switch (for example 2530)
Distribution Switch: Switch 3810
Configuration Procedure:

  1. Register the edge switch and distribution switch in IMC.

  2. Ensure that both the edge and distribution switch can reach the DHCP and DNS server.

  3. Create the configuration on the edge switch.

  4. Create the configuration on the distribution switch.

Configuration and access for wired clients on an edge switch

Access Type: Wired Access
Edge Switch: Edge switch (for example 3500)
Distribution Switch: N/A
Configuration Procedure:

  1. Register the edge switch in IMC.

  2. Ensure that the edge switch is reachable by the DHCP and DNS server.

  3. Create the configuration on the edge switch.

  4. Create the configuration on the edge switch.
