Switches, Hubs, and Modems

802.1x and unmanaged switches downstream

SOLVED
Domenico Viggiani
Super Advisor

802.1x and unmanaged switches downstream

Hi,
I configured 802.1x authentication on edge switches and it works.
Now someone connected a downstream unmanaged switch to an authenticated port and I'm noticing strange results.
What is the expected behaviour in this case?

Thanks

4 REPLIES
Kell van Daal
Respected Contributor
Solution

Re: 802.1x and unmanaged switches downstream

Hi Domenico,

The expected behaviour differs with switches.
If the switch supports multiple 802.1X authentications per port, the behaviour would be that each client on the unmanaged switch would need to authenticate themselves before being granted access.
If the switch does not support multiple 802.1x authentications, the behaviour would be that only 1 client needs to authenticate, and that all other clients on the unmanaged switch can "piggyback" (use the authenticated connection from the first client).

Hope this helps,

Kell
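
Added example, not part of the original thread or any poster's code: a small Python audit that models the two behaviours described in the answer above and lists MAC addresses that would be forwarded on an authorised port without having authenticated. The "port mac" input format, the sample addresses and the function names are constructed for illustration and are not ProCurve output.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): MACs learned per edge port,
# and the (port, MAC) pairs that completed 802.1X authentication.
LEARNED = """\
1 00:11:22:33:44:01
2 00:11:22:33:44:02
2 00:11:22:33:44:03
2 00:11:22:33:44:04
3 00:11:22:33:44:05
"""
AUTHENTICATED = {("1", "00:11:22:33:44:01"), ("2", "00:11:22:33:44:02"),
                 ("3", "00:11:22:33:44:05")}


def parse_learned(text):
    """Return {port: set(mac)} from 'port mac' lines; MACs are lower-cased."""
    table = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        port, mac = parts
        table[port].add(mac.lower())
    return dict(table)


def audit(learned, authenticated, multi_auth):
    """Per port, list MACs that are forwarded without having authenticated.

    multi_auth=True models an edge switch that authenticates each client on
    the port: unauthenticated MACs are blocked, so nothing piggybacks.
    multi_auth=False models port-based control: one successful client opens
    the port for every MAC behind the downstream unmanaged switch.
    """
    findings = {}
    for port, macs in learned.items():
        authed = {m for p, m in authenticated if p == port}
        if not authed:
            continue  # port never authorised; nothing is forwarded
        extra = macs - authed
        if extra and not multi_auth:
            findings[port] = sorted(extra)
    return findings


if __name__ == "__main__":
    print(audit(parse_learned(LEARNED), AUTHENTICATED, multi_auth=False))
```

On an edge switch without per-client authentication, any port this reports with more than one learned MAC is a candidate location for a downstream unmanaged switch.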
Ralph Bean_2
Trusted Contributor

Re: 802.1x and unmanaged switches downstream

Domenico, some unmanaged switches filter 802.1X PDUs.

It is a good idea to implement 802.1X on the switch that is directly attached to the end node, with no intervening network devices (that either do not support 802.1X or have it disabled).

Ralph
Domenico Viggiani
Super Advisor

Re: 802.1x and unmanaged switches downstream

Kell,
I'm using ProCurve 2524s at the edge and I don't know if they support multiple 802.1X authentications (I think not).

The only chance is to eliminate 'dumb' switches everywhere, but unfortunately in some places I have no choice (there are not enough network ports at the wall).

Thanks
Kell van Daal
Respected Contributor

Re: 802.1x and unmanaged switches downstream

Hi Domenico,

The 2500 series does indeed not support multiple 802.1X authentications per port.
So if you want to make sure everyone has to authenticate, there are only two options.
Indeed, eliminate all unmanaged devices or replace the 2500 series switches...

Kell