08-06-2008 07:54 AM
Re: 802.1x with local authentication
I updated a 2650 to H.10.50 software and tested. So far, I am running into authentication failures as well, but am still playing with it.
I also tested using a 5406, which has a slightly different syntax for entering the passwords for local radius. However, looking at the documentation for the 2600's and the 5400's, it does indicate the local switch passwords can be used in lieu of an external radius server.
I'll try and do some more testing today as I feel we are just missing one small piece...
Regards,
Jarret
08-06-2008 09:59 AM
Re: 802.1x with local authentication
I did some more testing this morning. I set up a packet capture using Wireshark on my laptop and configured port 10 on my 2650 as the authenticator port. I also changed my NIC authentication for an EAP type of MD5-Challenge.
Watching the packet capture, I see the following:
1. EAPOL start
2. Identity request from the switch
3. Identity request from my laptop containing the password I entered for authentication
4. Request MD5-Challenge from the switch
5. Response MD5-Challenge from my laptop
6. EAP Success
On the switch, I checked the show port-access authenticator and my port 10 has changed from a status of closed, to a status of open once the EAP Success message was seen in the packet capture.
However, my NIC is still reporting it is "attempting to authenticate". Watching the packet capture for several minutes, the EAP process would run over and over with the same results as above each time.
It looks like using MD5-Challenge, I am getting successfully authenticated and the switch port opens as expected, but something seems to be broken since the NIC never moves into a connected state.
It might be worth opening up a ticket with ProCurve support. My thoughts are that either this is broken, or if it is not an option, then the documentation needs further clarification.
On a side note, I checked the documentation of the 5400 series ProCurve, and it also mentions this as an option. The only difference is that instead of using the operator username/password, you actually use a command of password port-access to configure a unique username/password scheme for local port-access.
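The MD5-Challenge part of the capture described above (challenge from the switch, response from the laptop, then Success or Failure), as an added example that is not part of the original post and not ProCurve code. It follows the packet layout in RFC 3748 and the CHAP digest from RFC 1994; the user table, user name, password and challenge bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_MD5 = 4  # MD5-Challenge, RFC 3748 section 5.4

def build_md5_packet(code, identifier, value, name=b""):
    """Code | Identifier | Length | Type | Value-Size | Value | Name."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_md5_packet(pkt):
    """Return (code, identifier, value, name); reject malformed lengths."""
    if len(pkt) < 6:
        raise ValueError("too short for an MD5-Challenge packet")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if not 6 <= length <= len(pkt) or pkt[4] != EAP_TYPE_MD5:
        raise ValueError("bad length or not MD5-Challenge")
    size = pkt[5]
    if 6 + size > length:
        raise ValueError("Value-Size runs past the packet")
    return code, identifier, pkt[6:6 + size], pkt[6 + size:length]

def md5_value(identifier, secret, challenge):
    # Same construction as CHAP: MD5(Identifier || secret || challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def supplicant_reply(request, username, secret):
    """Laptop side: answer the switch's challenge (step 5 in the capture)."""
    code, identifier, challenge, _ = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP Request")
    return build_md5_packet(EAP_RESPONSE, identifier,
                            md5_value(identifier, secret, challenge), username)

def authenticator_verify(request, response, local_users):
    """Switch side: check against a local user table, return Success/Failure."""
    _, req_id, challenge, _ = parse_md5_packet(request)
    code, resp_id, value, name = parse_md5_packet(response)
    secret = local_users.get(name)
    ok = (code == EAP_RESPONSE and resp_id == req_id and secret is not None
          and hmac.compare_digest(value, md5_value(req_id, secret, challenge)))
    return struct.pack("!BBH", EAP_SUCCESS if ok else EAP_FAILURE, req_id, 4)

# Constructed sample data (hypothetical user, password and challenge).
USERS = {b"operator": b"example-password"}
REQUEST = build_md5_packet(EAP_REQUEST, 7, bytes(range(16)), b"switch")
```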
08-06-2008 11:42 AM
Re: 802.1x with local authentication
Another thought:
I am not sure of your ultimate goal using the port-access with local authentication from the switch, but have you looked at the port-security function as a possible option?
Using port-security, it looks like you can locally define up to eight MAC addresses per port that are authorized to connect. Perhaps this would provide the port-based security without the need for adding a Radius server.
Regards,
Jarret
08-07-2008 04:51 AM
Re: 802.1x with local authentication
You need three components:
supplicant ------ PC
authenticator ------ switch
authentication server ---- RADIUS
Without a RADIUS server, the 802.1x protocol is out of action on the network.
cenk
08-07-2008 05:03 AM
Re: 802.1x with local authentication
My switch is in an office where several companies are working.
We've got the same network rack but we have got our own switch.
To ensure that the other companies will not use our network, I need to secure the network access.
I also cannot use RADIUS authentication because this company has no local server (they are all managed by an external company).
So, MAC address filtering isn't very easy to manage. I have 2 conference offices which need the network for itinerant people.
I'll try to use MAC filtering until I find a better solution.
Thanks all.
Kind Regards.
08-07-2008 05:31 AM
Re: 802.1x with local authentication
MAC filter operation (namely port-security) is not the best way for your network configuration, because each user is locked to one port and does not work on another port (very static).
My advice:
You can separate a VLAN for each user group for security, for example:
vlan 1: management vlan
vlan 2: office user1
vlan 3: office user2
vlan 4: itinerant user
And you can install a RADIUS server on your network for all users with 802.1x authentication.
802.1x authentication is a very successful security protocol for the LAN, and with RADIUS it brings remote Active Directory rules that dynamically assign VLANs for domain users.
cenk