- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- 802.1x and MAC authentication on a single port
Switches, Hubs, and Modems
1752734
Members
5299
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2010 07:02 AM
тАО07-05-2010 07:02 AM
802.1x and MAC authentication on a single port
Hi
If you enable 802.1x and MAC authentication on a single port (Procurve 2610 switch), does it have to pass both authentication methods to get network access or can it pass either?
Thanks for your help
If you enable 802.1x and MAC authentication on a single port (Procurve 2610 switch), does it have to pass both authentication methods to get network access or can it pass either?
Thanks for your help
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-05-2010 11:21 PM
тАО07-05-2010 11:21 PM
Re: 802.1x and MAC authentication on a single port
it can pass either.
so for example a phone authenticate with MAC auth and a client behind the phone with 802.1x. If the client authentication fails the phone is still authenticated.
You should not forget to raise the number of clients in your config which can authenticated on a single port.
so for example a phone authenticate with MAC auth and a client behind the phone with 802.1x. If the client authentication fails the phone is still authenticated.
You should not forget to raise the number of clients in your config which can authenticated on a single port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2010 06:56 AM
тАО07-06-2010 06:56 AM
Re: 802.1x and MAC authentication on a single port
Thanks
The plan was that when reinstalling a users PC we would initially use MAC authentication to complete the deployment then once the machine was on the domain and had its certificate we would switch to 802.1x certificate authentication. In testing when the certificate authentication is granted access and MAC authentication is denied, the MAC authentication appears to overide the former resulting in the PC being blocked from accessing the network. Is it possible to do this? am I missing something?
From the manual
Applying Web Authentication or MAC Authentication Concurrently
with Port-Based 802.1X Authentication: While 802.1X port-based access
control can operate concurrently with Web Authentication or MAC Authentication,
port-based access control is subordinate to Web-Auth and MAC-Auth
operation. If 802.1X operates in port-based mode and MAC or Web authentication
is enabled on the same port, any 802.1X authentication has no effect on
the ability of a client to access the controlled port. That is, the client├в s access
will be denied until the client authenticates through Web-Auth or MAC-Auth
on the port. Note also that a client authenticating with port-based 802.1X does
not open the port in the same way that it would if Web-Auth or MAC-Auth were
not enabled. That is, any non-authenticating client attempting to access the
port after another client authenticates with port-based 802.1X would still have
to authenticate through Web-Auth or MAC-Auth.
The plan was that when reinstalling a users PC we would initially use MAC authentication to complete the deployment then once the machine was on the domain and had its certificate we would switch to 802.1x certificate authentication. In testing when the certificate authentication is granted access and MAC authentication is denied, the MAC authentication appears to overide the former resulting in the PC being blocked from accessing the network. Is it possible to do this? am I missing something?
From the manual
Applying Web Authentication or MAC Authentication Concurrently
with Port-Based 802.1X Authentication: While 802.1X port-based access
control can operate concurrently with Web Authentication or MAC Authentication,
port-based access control is subordinate to Web-Auth and MAC-Auth
operation. If 802.1X operates in port-based mode and MAC or Web authentication
is enabled on the same port, any 802.1X authentication has no effect on
the ability of a client to access the controlled port. That is, the client├в s access
will be denied until the client authenticates through Web-Auth or MAC-Auth
on the port. Note also that a client authenticating with port-based 802.1X does
not open the port in the same way that it would if Web-Auth or MAC-Auth were
not enabled. That is, any non-authenticating client attempting to access the
port after another client authenticates with port-based 802.1X would still have
to authenticate through Web-Auth or MAC-Auth.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-07-2010 03:04 AM
тАО07-07-2010 03:04 AM
Re: 802.1x and MAC authentication on a single port
Resolved the MAC authentication overriding the 802.1x authentication by changing the 802.1x authentication from port-based to user-based.
Cheers
Cheers
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP