HPE Community
Operating System - HP-UX
1832948 Members
3333 Online
110048 Solutions
New Discussion

802.1X authentication with HP-UX

 
Matthias Schündehütte
Occasional Advisor

‎01-30-2012 04:52 AM

‎01-30-2012 04:52 AM

802.1X authentication with HP-UX

Hello,

 

our network provider requests that we have to authenticate all our machines with 802.1x in a few weeks.

 

What do I have to do? How does it work under HP-UX 11i v1,v2,v3?

 

Pointers are sufficient, man-pages welcome and a how-to would be great! :-)

 

Thank you very much - Matthias

 

 

0 Kudos
Reply
3 REPLIES 3
Bill Hassell
Honored Contributor

‎01-30-2012 11:28 AM

‎01-30-2012 11:28 AM

Re: 802.1X authentication with HP-UX

This is a start: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-AAAServer

 

Are you using  RADIUS authentication on your server already?



Bill Hassell, sysadmin
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎01-30-2012 01:46 PM

‎01-30-2012 01:46 PM

Re: 802.1X authentication with HP-UX

Yes, the HPUX-AAAServer can act as a 802.1x authentication server, i.e. it can make the decision whether the network switches and/or WLAN basestations placed under its control should provide service to a host or not.

 

http://en.wikipedia.org/wiki/802.1x

 

But it sounds like the original poster needs a 802.1x authentication client, a.k.a "supplicant" for HP-UX. Having a RADIUS server on the HP-UX does not help at all in that case: the expectation would be that the network provider already has a RADIUS server that controls the provider's network infrastructure, and when the authentication requirement goes into effect, any hosts that cannot satisfy a 802.1x authentication request will be locked out of the network.

 

The ability to act as an 802.1x authentication server is a common feature in RADIUS/AAA server products; on the other hand, tying the 802.1x client functionality to a RADIUS/AAA server product would be a very strange choice, given that the client functionality must be on every host in a 802.1x network environment. Looking at the feature list of the HP-UX AAA Server, I see the former, not the latter.

 

Unfortunately, I could not find any production-quality 802.1x client solutions for HP-UX with quick Googling. I saw some indications that some Cisco switches could act as 802.1x supplicants for uplink purposes, but using this to allow unauthenticated HP-UX systems to the network could be seen as willful circumvention of the authentication requirement, and might violate your service agreement with your network provider.

 

Having said that, it would seem to me that 802.1x would be a technology to protect widely-accessible network segments, e.g. wired networks in public places where any passerby could plug in his/her laptop. If your server is in such a network, you definitely have a problem - but the appropriate solution might be to find proper server-type hosting/network infrastructure for your servers.

MK
0 Kudos
Reply
Matthias Schündehütte
Occasional Advisor

‎01-31-2012 12:14 AM

‎01-31-2012 12:14 AM

Re: 802.1X authentication with HP-UX

Yes Matti, that's exactly the situation.

 

And you're right of course that 802.1x is mostly a solution to protect widely-accessible network segments. It seems that our network provider will accept MAC-address identification (and authentification) for servers.

 

Since FreeBSD as well as Linux seem to have an 802.1x supplicant (not yet tested) I want to find out if that's the case for HP-UX as well.

 

I expect that "my" servers are not the only HP-UX machines in our company, so someone has to solve the problem on a higher (management) level.

 

Thank you very much for your replies!

 

Matthias

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.