11-13-2009 02:44 AM
Re: 802.1X with Alcatel IP Phone
I set it in auto mode, and when I connect a non-802.1X-compliant client it doesn't have access to the network.
I want 802.1X-compliant clients to use dynamic VLAN assignment, and non-802.1X-compliant clients to use the static VLAN defined on the port.
----------------------------------------
aaa port-access authenticator < port-list > [control < authorized | auto | unauthorized >]
Controls authentication mode on the specified port:
authorized: Also termed "Force Authorized". Gives access to a device connected to the port. In this case, the device does not have to provide 802.1X credentials or support 802.1X authentication. (You can still configure console, Telnet, or SSH security on the port.)
auto (the default): The device connected to the port must support 802.1X authentication and provide valid credentials to get network access. (Optional: You can use the Open VLAN mode to provide a path for clients without 802.1X supplicant software to download this software and begin the authentication process. Refer to "802.1X Open VLAN Mode" on page 11-27.)
unauthorized: Also termed "Force Unauthorized". Do not grant access to the network, regardless of whether the device provides the correct credentials and has 802.1X support. In this state, the port blocks access to any connected device.
11-13-2009 11:16 PM
Re: 802.1X with Alcatel IP Phone
Can someone explain the "aaa port-access authenticator control" command? I want to allow both 802.1X-compliant clients and non-802.1X-compliant clients to access the network.
jeff reply:
this command dictates how the switch will control 802.1X enabled ports...
default is auto, meaning if the device authenticates via radius, do what radius says...if device doesn't authenticate, then switch blocks that port...
on - means don't try to authenticate at all, just let all traffic pass...
off - don't allow traffic at all, even if the device tries to authenticate...
BOUE said:
I set it in auto mode, and when I connect a non-802.1X-compliant client it doesn't have access to the network.
jeff reply:
that is correct function
BOUE said:
I want 802.1X-compliant clients to use dynamic VLAN assignment, and non-802.1X-compliant clients to use the static VLAN defined on the port.
jeff reply:
then the way to configure that 802.1X function is to define what is called the "unauthenticated vlan"...this is generally not the vlan the ports are statically assigned to, and i've never tried it to be, i always define a separate vlan...
so, to configure this:
1) create a vlan
2) control its access to the network via ACL(s)
3) provide the vlan with DHCP services and ip-helper on the vlan
4) then this command:
'aaa port-access authenticator
hth...jeff
ps, i looked at the event info you provided earlier (running the french thru a translator on google), but the messages viewed didn't really tell me anything...it didn't look like they were the radius messages...
so i assume that is why you are looking at this other option...
cheers..jeff
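
Added example (not part of jeff's post and not taken from HP documentation): the four steps above written out as ProCurve CLI configuration. VLAN 50, the 10.1.50.0/24 subnet, DHCP server 10.1.10.5, port range 1-24 and the ACL name are constructed values; it assumes the RADIUS server is already defined on the switch, and lines starting with `;` are annotations rather than commands.

```text
; 1) create a separate VLAN for clients that do not authenticate
vlan 50
   name "UNAUTH"
   ip address 10.1.50.1 255.255.255.0
   ; 3) relay DHCP requests from this VLAN to the DHCP server
   ip helper-address 10.1.10.5
   exit

; 2) restrict what the unauthenticated VLAN can reach:
;    DHCP only in this sketch, everything else dropped
ip access-list extended "UNAUTH-IN"
   permit udp any any eq 67
   deny ip any any
   exit
vlan 50 ip access-group "UNAUTH-IN" in

; 4) enable 802.1X on the edge ports in auto mode and point
;    unauthenticated clients at VLAN 50
aaa authentication port-access eap-radius
aaa port-access authenticator 1-24
aaa port-access authenticator 1-24 control auto
aaa port-access authenticator 1-24 unauth-vid 50
aaa port-access authenticator active
```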
11-16-2009 12:41 AM
Re: 802.1X with Alcatel IP Phone
They must have a function to not authenticate phones.
What could LLDP-MED compliance do for that if my phone was compliant?
11-18-2009 06:45 AM
Re: 802.1X with Alcatel IP Phone
In fact I already use the unauth vlan for computers, so I can't use it for my phone.
They must have a function to not authenticate phones.
jeff said: none that i've seen...
BOUE said: What could LLDP-MED compliance do for that if my phone was compliant?
jeff said: if you have LLDP-MED compliant phones, you can remove the phone ports from 802.1X control and instead put those ports into a "no use" vlan [ie, no ip addr on the vlan, etc]...then when the phone connects, the switch will see that it is a phone (via LLDP-MED) and can assign that port to the "voice" vlan...however, the port in this case is no longer under 802.1X authentication control, and you have less security...
hth...jeff
11-18-2009 07:44 AM
Re: 802.1X with Alcatel IP Phone
I read in "How to use LLDP-MED with IP phones and ProCurve switches":
More security: LLDP-MED runs after 802.1X, to prevent unauthenticated devices from gaining access to the network.
So we need to pass the authentication before LLDP-MED runs.