Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

MAC Access to switches, HELP!

Jonathan Axford
Trusted Contributor

MAC Access to switches, HELP!

Hi All,

I work at a large college, We have a problem of unauthorised equipment being plugged into the network, I am trying to find a way of restricting access to the network to only certain MAC Addresses, Is there a way to do this using HP PRocurve equipment.

We have a mixture of 9300 at the Core and 5300, 4100, 2500 and 2600 at the edge.

Any idea's would be much appreciated,

Cheers
Where there is a will there is a way...
10 REPLIES
Sietze Reitsma
Respected Contributor

Re: MAC Access to switches, HELP!

Hello,

There are different ways to authenticate clients. In the past Mac adresses where entered manually on the portconfiguration. Very time consuming if you move and change clients. Authenticating Mac adresses against a central Radius server like MS IAS is supported on the 2600 and 5300 series.

A better way is to use 802.1x. All the edge devices you have support it.

types of authentication per platform
5300 series:802.1x, web-logon, Mac-logon
2600 series:802.1x, web-logon, Mac-logon
4100 series:802.1x
2500 series:802.1x

Functionality is described in the security manuals which you can find on www.procurve.com under the section tech support.

suggestion: approach someone who has experience on this subject, it saves you time.



Jonathan Axford
Trusted Contributor

Re: MAC Access to switches, HELP!

Thanks for the Info, Has helped already, the only thing i am struggling with now is setting up the radius server, Do you know of any doc's that would assisst me in setting up MS IAS?

Also, Do you need the IDM portion of PCM+ to facilitate this?
Where there is a will there is a way...
Antoniov.
Honored Contributor

Re: MAC Access to switches, HELP!

Hi,
about radious server read here
http://www.gnu.org/software/radius/radius.html
For download free radious server click here
http://www.freeradius.org/
This article can help you about radiuos and procurve
http://www.techworld.com/security/news/index.cfm?newsid=2395&page=1&pagepos=3

Antonio Vigliotti
Antonio Maria Vigliotti
Jonathan Axford
Trusted Contributor

Re: MAC Access to switches, HELP!

Cool, Cheers.

Have one more Question....

I have been playing with MAC based authentication on an HP 2626-PWR. I have the security guide for this switch and i am running the latest software (H_08_69), it says to use the following commands :

aaa port-access mac-based Etc..

The switch does not recognise the 'Mac-based' part , it will only let me enter :

aaa port-access Authenticator

or

aaa port-access supplicant

Does this mean that the 2600 switch will only support 802.1x and not mac/web authentication?
Where there is a will there is a way...
Jonathan Axford
Trusted Contributor

Re: MAC Access to switches, HELP!

Have sorted this now, A software update did the trick! (Look slike i had missed one!)

Still struggling to setup the radius side of it though. I have got the switch to block everything at he mo, but i can't get it to authenticate with my radius server.

I am using MS IAS as the radius server. Anyone know any useful links or idea's on how to set up microsoft IAS for MAC authentication???
Where there is a will there is a way...
Antoniov.
Honored Contributor

Re: MAC Access to switches, HELP!

Jonathan Axford
Trusted Contributor

Re: MAC Access to switches, HELP!

Thanks for all your help, Have decided to try the port-security feature for now.
The actual environment is going to be fairly static, with not many changes to machines etc. so hopefully this should do the trick!
Where there is a will there is a way...

Re: MAC Access to switches, HELP!

Hello Jonathan,

try to get your hands on the ProCurve Security Training manual. There in the LAB- guide is a detailed description how to configure MS IAS as Radius for the ProCurve devices.
Drew_38
Frequent Advisor

Re: MAC Access to switches, HELP!

Frank;

You mention the "ProCurve Security Training manual". Where is that avaiable? Or do you have to go on a course to get it?
Jonathan Axford
Trusted Contributor

Re: MAC Access to switches, HELP!

Cheers for help guys, I think the training manual does come as part of an HP course, as i have spoken to our HP account manager about it.
Where there is a will there is a way...