HP 2650, 802.1x, and excessive authentications

Occasional Contributor

I have HP 2650s authenticating to FreeRADIUS (with MySQL). The switch also gets its port VLAN configuration from FreeRADIUS.

At the moment, I have it only doing MAC authentication over the PEAP protocol, where any username/password is replaced with the MAC address of the authenticating supplicant (WinXP/2000); the MAC address is the username in the MySQL database. According to the switch and FreeRADIUS, this is working. I get Login OK in the FreeRADIUS logs and the port is configured to the correct VLAN.

However, the authentications occur every 30 seconds. This puts a large demand on the MySQL server and creates lots of log entries.

Is there a way for the switch to ignore reauthentications from the supplicants for a set amount of time?

Does anyone know if you can set the 802.1x reauthentication period on Windows?

It would be nice if a supplicant didn't try to reauthenticate for 10-15 minutes or until the interface 'flaps' (goes up then down).

Jeff Brownell
Valued Contributor

Re: HP 2650, 802.1x, and excessive authentications

Not sure if this will do what you need, but look in the Access Security Guide, chapter 8 [Configuring Port-Based Access Control (802.1X)] ... ftp://ftp.hp.com/pub/networking/software/59906024-1004-Security-Guide.pdf
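
To confirm which clients drive the 30-second cadence described in the question, the FreeRADIUS log can be grouped by MAC username and the gaps between successive `Login OK` entries measured. This is an added example, not part of the original thread; the log lines, MAC addresses and client name are constructed, and the 600-second threshold is an assumption taken from the 10-15 minute target mentioned in the question.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in radius.log style; MACs and the client name are made up.
SAMPLE_LOG = """\
Mon Mar  6 10:00:00 2006 : Auth: Login OK: [001122334455] (from client sw2650 port 5 cli 001122-334455)
Mon Mar  6 10:00:10 2006 : Auth: Login OK: [00aabbccddee] (from client sw2650 port 9 cli 00aabb-ccddee)
Mon Mar  6 10:00:30 2006 : Auth: Login OK: [001122334455] (from client sw2650 port 5 cli 001122-334455)
Mon Mar  6 10:00:45 2006 : Auth: Login incorrect: [0011223344ff] (from client sw2650 port 7)
Mon Mar  6 10:01:00 2006 : Auth: Login OK: [00-11-22-33-44-55] (from client sw2650 port 5 cli 001122-334455)
Mon Mar  6 10:01:30 2006 : Auth: Login OK: [001122334455] (from client sw2650 port 5 cli 001122-334455)
Mon Mar  6 10:15:10 2006 : Auth: Login OK: [00aabbccddee] (from client sw2650 port 9 cli 00aabb-ccddee)
"""

# Timestamp, then a successful login whose username looks like a MAC address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: "
    r"Login OK: \[(?P<user>[0-9A-Fa-f:.-]{12,17})\]"
)

def normalize_mac(value):
    """Strip separators so 00-11-22-33-44-55 and 001122334455 compare equal."""
    return re.sub(r"[^0-9a-f]", "", value.lower())

def reauth_intervals(log_text):
    """Return {mac: [seconds between consecutive Login OK entries]}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # failures and non-auth lines are not re-authentications
        mac = normalize_mac(m["user"])
        if len(mac) != 12:
            continue  # username is not a MAC address
        seen[mac].append(datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"))
    return {mac: [int((b - a).total_seconds())
                  for a, b in zip(sorted(ts), sorted(ts)[1:])]
            for mac, ts in seen.items()}

def noisy_clients(log_text, min_period=600):
    """MACs whose median gap between logins is under min_period seconds."""
    return {mac: median(gaps)
            for mac, gaps in reauth_intervals(log_text).items()
            if gaps and median(gaps) < min_period}

if __name__ == "__main__":
    for mac, gap in noisy_clients(SAMPLE_LOG).items():
        print(f"{mac}: median re-authentication gap {gap}s")
```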