02-13-2007 03:42 PM
port based authentication
One thing we talked about was port based authentication.
I'm not really looking for how to do it, I just want to know what I need to read, and to make sure I am researching the correct things.
We talked about a machine receiving a certificate to log on. The certificate will make sure the PC can get onto the network prior to a user logging in so any computer GPO settings will be allowed to happen, as these happen before a user logs in.
What is this part called?
Once the machine has a certificate, it can be on the network until a user logs in. Once that user logs in, it authenticates to a RADIUS (is this correct?) server, where the RADIUS server and the DHCP server work together to give the client its new IP and assign that port to the proper VLAN based on the user name.
Basically we want it so that any port is useless unless the hardware holds a certificate, and once logged on, the port is re-assigned a VLAN and the proper IP corresponding with that VLAN... This will keep anyone from simply unplugging their PC and plugging in to get high speed internet, and meet a security concern.
Just looking for reading material and key words so I know what to specifically pay attention to.
Thanks, guys
02-15-2007 01:46 AM
Re: port based authentication
I believe you are asking about IEEE 802.1AE Media Access Control Security or MACSec.
http://en.wikipedia.org/wiki/802.1ae
As it is a rather new standard, you would have to purchase it from IEEE.
Probably your best approach will be to Google 802.1ae or MACSec.
Lastly, depending on what your needs are, you also have the option of IEEE 802.1x.
http://en.wikipedia.org/wiki/802.1x
Hope this helps,
Dennis
I work for HP, but my posts and replies are my own.
02-15-2007 02:22 AM
Re: port based authentication
I'm just now reading through the spec to better understand the protocol. It looks like the protocol itself is not responsible for differentiating between the rights of a machine account vs. the rights of an authenticating user. So, what you're probably asking for is the definition of this transition step where the OS is providing an extensible solution on top of the protocol. Is this true?
I work for HP, but my posts and replies are my own.
02-15-2007 03:05 AM
Re: port based authentication
Once user JCOOL sits down and logs in, the computer reauthenticates to the switch as jcool, jcool authenticates to the RADIUS server, and it puts him in his correct VLAN based on his username.
I know it can be done, I just don't remember what the authentication names are...
There are two steps to authentication here...
The first is by a certificate issued by our CA, which would have to be manually installed on all PCs at first...
The second is based on the user.
This will keep people from unplugging the PC and plugging in their laptop and abusing our bandwidth...
02-15-2007 03:58 AM
Re: port based authentication
There is lots of info on the web for working with 802.1x. Most importantly, your switch has to support it as well as your NIC.
RADIUS and/or TACACS are the two services most commonly used to do authentication, etc.
This might be a good place to start, assuming you're in a Windows XP environment:
http://www.stevens.edu/itwiki/cgi-bin/wiki/index.php?title=802.1x
Take a look at the section: Facts on Using 802.1x with Protected EAP
Hope this is closer to the mark.
Dennis
I work for HP, but my posts and replies are my own.
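
The two-stage flow discussed in this thread (machine certificate first, then a user login that moves the port to a per-user VLAN) is usually expressed as the RFC 3580 tunnel attributes a RADIUS server returns in Access-Accept. The sketch below is an added example, not part of any post above; the VLAN numbers, the user table and the `cert_valid` flag (a stand-in for the EAP-TLS certificate check the real server performs) are assumptions.

```python
import struct

# RFC 2868 / RFC 3580 attribute numbers and values for dynamic VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Hypothetical policy tables, constructed for this example
MACHINE_VLAN = 10                        # machine authenticated, no user logged in yet
USER_VLANS = {"jcool": 20, "asmith": 30}

def vlan_for_identity(identity, cert_valid=False):
    """Return the VLAN for an authenticated identity, or None to reject."""
    if identity.startswith("host/"):     # Windows machine accounts identify as host/<fqdn>
        return MACHINE_VLAN if cert_valid else None
    return USER_VLANS.get(identity.lower())

def vlan_attributes(vlan_id, tag=0):
    """Encode the three tunnel attributes the switch reads from Access-Accept."""
    def tagged_int(attr, value):
        # Layout: type, length (always 6), tag octet, 24-bit value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    group = str(vlan_id).encode("ascii")  # VLAN ID travels as an ASCII string
    return (tagged_int(TUNNEL_TYPE, TT_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802)
            # Untagged form: no tag octet before the string
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def decide(identity, cert_valid=False):
    """Return (reply type, encoded VLAN attributes) for one authentication."""
    vlan = vlan_for_identity(identity, cert_valid)
    if vlan is None:
        return ("Access-Reject", b"")    # port stays unauthorized
    return ("Access-Accept", vlan_attributes(vlan))

if __name__ == "__main__":
    for ident, cert in [("host/pc1.example.com", True), ("JCOOL", False),
                        ("host/laptop.example.com", False), ("visitor", False)]:
        reply, attrs = decide(ident, cert)
        print(f"{ident:26} {reply:14} {attrs.hex()}")
```

A switch that does not receive these attributes keeps the port in its statically configured VLAN, so the reject path and the "no attributes" path should both be tested when rolling this out.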