Security

Reply
New Contributor
Posts: 2
Registered: ‎02-11-2014

HP procurve 2610&2910 series mac and dot1x on same port for IP telephony and machine

Hi, i face an issue on how to configure the mac-auth and 802.1x on the same port so can support ip telephony and a computer machine behind it. problem is the following models of HP: HP 2610 PN: J9089A HP 2910 PN : J9146A HP 2920 PN J9729A only support user-based 802.1x and mac-based auth, however HP in this mode assume that whatever connect to the port it authenticated successfully on access tracker but keep seeing failure on the machine. please help.

MVP
Posts: 1,399
Registered: ‎10-25-2011

Re: HP procurve 2610&2910 series mac and dot1x on same port for IP telephony and machine

this question is probably better served in the HP forum.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Aruba Employee
Posts: 1
Registered: ‎11-16-2015

Re: HP procurve 2610&2910 series mac and dot1x on same port for IP telephony and machine

This should be possible: (a couple of models are older so it's possible it was different on those models, but I don't think so... the below should apply)

 

The key is that the 1x configuration on the port has to be configured to support multi-host (authenticate each device individually vs. port-mode which will open the port after it's authenticated). 

 

aaa port-access authenticator <interface(s)>

aaa port-access authenticator <interface(s)> client-limit <limit>

aaa port-access mac-based <interfaces(s)>

 

If you try to enable mac-based on the port prior to specifying the port for 1x multi-host you will get an error.  The 2 conflict as 1x port based will authenticate the port for all once authenticated.

 

you also need aaa port-access authenticator active

(and the appropriate radius configuration)

 

Hope it helps

PL

Search Airheads
Showing results for 
Search instead for 
Did you mean: