02-01-2009 09:42 AM
Procurve 802.1X question (wired network)
I'm developing a NAC solution in a network using Procurve 2650 as Radius Client, IAS as Radius Server and Windows XP as supplicant.
I'm using an old firmware version (due to company needs), from almost 1 year ago.
My main question is: I have verified that when the switch opens a port because a client has successfully logged in to Radius, the port becomes open for everyone; so if I have more clients connected to one port, I can't control each of them separately, I can only have my switch port open or closed.
Is there a way to manage client authentication separately for each of them?
Other problems are related to authentication protocols: I tried every protocol available between the XP client and IAS: CHAP, EAP with digital certificates issued by the server via AD, etc., but none of them works; I always get different errors like:
The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server
or this:
The user attempted to use an authentication method that is not enabled on the matching remote access policy.
and some more, but I followed step by step the Microsoft guide (http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=05951071-6B20-4CEF-9939-47C397FFD3DD&displaylang=en) or other good guides like this: http://alextch.members.winisp.net/802.1x/Defending%20your%20internal%20network%20with%20802.1x%20and%20Microsoft%20PKI.htm
Could the problem be related to the old firmware version, or are the Microsoft and other guides mistaken?
Thank you
02-02-2009 05:15 AM
Re: Procurve 802.1X question (wired network)
---
port-security
Will only allow the switch to pass traffic from authenticated clients.
Though I have to warn you, running multiple clients on an 802.1X authenticated port is inherently insecure and limited in terms of dynamic assignment.
02-03-2009 08:21 AM
Re: Procurve 802.1X question (wired network)
I've upgraded the firmware and verified that the problem was related to its old version.
Now, with the latest version, I can log in correctly, also using PEAP.
Your suggestion is really useful, because I'm studying documentation in order to learn how to have session control; in fact I want to have multiple clients connected to one port and prevent access to unauthorized PCs.
I have verified that with more than 1 client connected to one port, when one of them logs on successfully the port becomes open for everyone.
How can I control this situation?
Thank you
02-12-2009 08:43 AM
Re: Procurve 802.1X question (wired network)
aaa port-access authenticator
02-12-2009 08:48 AM
Re: Procurve 802.1X question (wired network)
By enabling port-security in the way I suggested, you're limiting access to clients that have managed to authenticate.
Traffic for unauthenticated clients should not be forwarded by the switch, and traffic will not be forwarded towards an unauthenticated client by the switch.
This will not prevent unauthenticated devices attacking or snooping on any devices downstream of the 802.1X authenticated port.
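
A small model of the behaviour discussed in this thread, added here as an illustration and not posted by any participant or taken from the switch firmware. It assumes two hosts sharing the 802.1X port through a hub and handles unicast frames only; the host names and the mode names `port-based` and `mac-filtered` are hypothetical labels for "port opens for everyone" and "only authenticated clients' traffic is passed".

```python
# Constructed topology: hosts "A" and "B" share one 802.1X switch port through
# a hub; "S" is a server on another switch port. Only "A" has authenticated.
HUB_HOSTS = {"A", "B"}
AUTHENTICATED = {"A"}


def switch_forwards(mode, src, dst):
    """Would the switch pass this frame across the 802.1X port?"""
    edge_host = src if src in HUB_HOSTS else dst  # the station on the hub side
    if mode == "port-based":
        # The port is authorized as a whole once any client has logged in.
        return bool(AUTHENTICATED & HUB_HOSTS)
    if mode == "mac-filtered":
        # Only frames from or to an authenticated MAC cross the port.
        return edge_host in AUTHENTICATED
    raise ValueError(f"unknown mode: {mode}")


def receivers(mode, src, dst):
    """Return every host that sees a unicast frame sent from src to dst."""
    seen = set()
    if src in HUB_HOSTS:
        # A hub repeats each frame to all of its other ports; the switch has
        # no say over traffic that never leaves the hub.
        seen |= HUB_HOSTS - {src}
        if dst not in HUB_HOSTS and switch_forwards(mode, src, dst):
            seen.add(dst)
    elif dst in HUB_HOSTS and switch_forwards(mode, src, dst):
        # The frame enters the hub from the switch and is repeated to everyone.
        seen |= HUB_HOSTS
    return seen


if __name__ == "__main__":
    for mode in ("port-based", "mac-filtered"):
        for src, dst in (("B", "S"), ("S", "A"), ("S", "B"), ("B", "A")):
            print(f"{mode:12} {src}->{dst}: {sorted(receivers(mode, src, dst))}")
```

In the filtered mode the unauthenticated host no longer reaches the server, but it still receives the server's replies to the authenticated host and can still send frames to that host across the hub.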