HPE Community
Switches, Hubs, and Modems
1821541 Members
2127 Online
109633 Solutions
New Discussion юеВ

802.1x and unmanaged switches downstream

 
SOLVED
Go to solution
Domenico Viggiani
Super Advisor

тАО03-08-2006 09:15 PM

тАО03-08-2006 09:15 PM

802.1x and unmanaged switches downstream

Hi,
I configured 802.1x authentication on edge switches and it works.
Now someone connected a downstream unmanaged switch to an authenticated port and I'm noticing strange results.
What is the expected behaviour in this case?

Thanks

0 Kudos
4 REPLIES 4
Kell van Daal
Respected Contributor

тАО03-09-2006 02:56 AM

тАО03-09-2006 02:56 AM

Solution

Re: 802.1x and unmanaged switches downstream

Hi Domenico,

The expected behaviour differs with switches.
If the switch supports multiple 802.1X authencations per port, the behaviour would be that each client on the unmanaged switch would need to authenticate themselves before being granted access.
If the switch does not support multiple 802.1x authentications, the behaviour would be that only 1 client needs to authenticate, and that all other clients on the unmanaged switch can "piggyback" (use the authenticated connection from the first client).

Hope this helps,

Kell
Ralph Bean_2
Trusted Contributor

тАО03-09-2006 02:56 AM

тАО03-09-2006 02:56 AM

Re: 802.1x and unmanaged switches downstream

Domenico, some unmanaged switches filter 802.1X pdus.

It is a good idea to implement 802.1X on the switch that is directly attached to the end node, with no intervening network devices (that either do not support 802.1X or have it disabled).

Ralph
Domenico Viggiani
Super Advisor

тАО03-09-2006 03:11 AM

тАО03-09-2006 03:11 AM

Re: 802.1x and unmanaged switches downstream

Kell,
I'm using Procurve 2524s at the edge and I don't know if they support multiple 802.1x authentications (I think no).

Only chance is to eliminate 'dumb' switches everywhere but unfortunately in some place I have no choice (there are no enough net ports at wall).

Thanks
0 Kudos
Kell van Daal
Respected Contributor

тАО03-10-2006 01:17 AM

тАО03-10-2006 01:17 AM

Re: 802.1x and unmanaged switches downstream

Hi Domenico,

the 2500 serie does indeed not support multiple 802.1X authentications per port.
So if you want to make sure everyone has to authenticate, there are only two options.
Indeed eliminate all unmanaged devices or replace the 2500 serie switches...

Kell
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.