09-16-2008 05:49 AM
Port Security Exclusions?
Next I want to exclude Mitel IP phones from authentication - or grant any devices beginning with 08-00-0f (Mitel vendor code) access to our voice VLAN. I also need to be able to add exclusions for any devices which don't support 802.1X but that we are aware of. Is this possible? I presume this would be configured on the switch or RADIUS server and not touch any part of IDM?
Thanks,
09-17-2008 12:46 AM
Re: Port Security Exclusions?
For other devices that don't support 802.1X, you can use the unauth-vid feature which will put those users into a different (more restricted?) VLAN.
You could also use mac-auth and web-auth for those devices.
09-17-2008 01:48 AM
Re: Port Security Exclusions?
This link may help you
http://www.procurve.com/NR/rdonlyres/06538B80-6DB0-4AC6-893E-8E8E12A180C6/0/ConfiguringFreeRADIUSwithIDMbyExample_Dec_07_WW_Eng_Ltr.pdf
Regards,
Points are welcomed
Jan
09-17-2008 11:33 PM
Re: Port Security Exclusions?
Jan - thanks. That looks like a good document and covers the configuration of RADIUS that is missing from the IDM manual.
09-18-2008 12:26 AM
Re: Port Security Exclusions?
09-18-2008 06:39 AM
Re: Port Security Exclusions?
This means our only option is some sort of exclusion or MAC-based authentication. When I initially started looking at IDM I was under the impression that it might play a more active role in authenticating users and devices. I was hoping we could set up lists of devices, or MAC vendor wildcards, which would be placed into certain VLANs. For example, all our digital X-ray viewers would be placed into our PACS VLAN. All our heart rate monitors would be placed into their VLAN. Because we use multiple VLANs for different classes of non-Windows devices we're unable to make use of the unauth VLAN.
I thought about perhaps just deploying 802.1X to switches and ports where we know standard Windows workstations are connected, but this somewhat defeats the objective we are trying to achieve, which was to lock down the network as much as possible but maintain easy management and not increase support overheads.
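
The per-device and vendor-wildcard VLAN placement discussed in this thread, sketched as the decision a RADIUS policy would make for a MAC-auth request. This is an added example, not part of any post and not IDM, ProCurve or FreeRADIUS code. The VLAN numbers, the sample device MAC and the function names are assumptions; the reply attributes are the standard RFC 3580 ones for dynamic VLAN assignment.

```python
import re

# Hypothetical VLAN IDs; the thread names the VLANs but not their numbers.
VOICE_VLAN, PACS_VLAN = 20, 30

# Vendor (OUI) wildcards: first three octets -> VLAN. 08-00-0f is the Mitel
# prefix quoted in the thread. A prefix identifies a vendor, not a device,
# so VLANs granted this way should stay tightly restricted.
OUI_POLICY = {"08000f": VOICE_VLAN}

# Known individual devices without an 802.1X supplicant (constructed MAC).
DEVICE_POLICY = {"001122334455": PACS_VLAN}


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address.

    Accepts 08-00-0f-12-34-56, 08:00:0F:12:34:56, 0800.0f12.3456 and
    08000f-123456, since switches differ in how they format the MAC they
    send as the RADIUS User-Name for MAC authentication.
    """
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def authorize(raw_mac):
    """Decide a MAC-auth request: returns (accept, reply_attributes)."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return False, {}
    # An exact device entry wins over a vendor wildcard.
    vlan = DEVICE_POLICY.get(mac, OUI_POLICY.get(mac[:6]))
    if vlan is None:
        return False, {}  # unknown device: reject
    # RFC 3580 attributes a switch uses for dynamic VLAN assignment.
    return True, {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    }


if __name__ == "__main__":
    for mac in ("08-00-0F-12-34-56", "0011.2233.4455", "00:de:ad:be:ef:01"):
        print(mac, authorize(mac))
```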