Remote Networking

Reply
Occasional Contributor II
Posts: 67
Registered: ‎06-04-2009

wired 802.1 x authentication

hi all,

i have read in the virtual branch office VRD that when using RAP wired ports for users to authenticate using 802.1x each port only support one device ie; i can't connect devices to a switch then connect the switch to the RAP port (if the clients use 802.1X)
ok but if i have a branch office with 5 devices and all must use 802.1X and the RAP only have 5 ports is there any way to overide this without getting another RAP?


regarding wired access in the controller

is it the same ie; each port of the controller only support one 802.1x device ?


thnx in advance
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: wired 802.1 x authentication

That is not the case, but the problem is finding a switch that supports 802.1X pass through. Typically if you attach a switch that is capable of doing 802.1X authentication it tries to intercept that session. If you tell the switch not to do 802.1X it assume you aren't doing it anywhere and filters the packets. Many switches that don't support 802.1X actually filter the request as well. What you'll need to find to make this work is a switch or hub that does not do 802.1X and doesn't filter it.

Also keep in mind that because users are being switched prior to getting to the firewall they will be able to communicate locally.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor II
Posts: 67
Registered: ‎06-04-2009

Re: wired 802.1 x authentication

Hi Andy ,

thnx for your reply

i understood from your reply that if i used unconfigurable switch or a switch that donot do 802.1x at all then we could make multiple 802.1x users authenticate with the same port

am i right ?
is that scenario applicable to the controller port and the RAP port as well?

considering that scenario

RAP wired port -----------| IP phone ------------| 82.1X enabled PC?

how could i configure the RAP to deploy the previous scenario?

thnx in advance
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: wired 802.1 x authentication

Yes, that should work assuming that the phone passes the the PCs authentication without modification just as a hub would. As for the configuration, it depends on how the phone authenticates. If they both do 802.1X you're going to have a very easy time. Can you explain how the phone will authenticate to the network?

Thanks,
-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor II
Posts: 67
Registered: ‎06-04-2009

Re: wired 802.1 x authentication

hi all,

the phone will authenticate by MAC based authentication to get voice role will this gonna work ?



what about the unconformable switch if i used it like i asked above will every think work proper;y ??


thnx in advance
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: wired 802.1 x authentication

It depends on what the phone does, which I can't really answer as we don't even know the model number. Even then the phone vendor is probably a better choice on how the phone works, I would just have to look up the user guides and data sheets.

The Aruba system should see the two stations as separate clients assuming that everything passes through the phone cleanly. You'll probably just have to try it and see what you get on the other side.

If I understand you're second question correctly you're asking if you had a switch that doesn't filter 802.1X could you use that, the answer is yes. If you can find one that also does PoE then you could additionally power the phones. I've used a small 8 port netgear with PoE to power APs, that might work for you.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Search Airheads
Showing results for 
Search instead for 
Did you mean: