07-08-2015 06:33 AM
Hi, i face an issue on how to configure the mac-auth and 802.1x on the same port so can support ip telephony and a computer machine behind it. problem is the following models of HP: HP 2610 PN: J9089A HP 2910 PN : J9146A HP 2920 PN J9729A only support user-based 802.1x and mac-based auth, however HP in this mode assume that whatever connect to the port it authenticated successfully on access tracker but keep seeing failure on the machine. please help.
07-08-2015 01:30 PM
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
01-28-2016 12:44 PM
This should be possible: (a couple of models are older so it's possible it was different on those models, but I don't think so... the below should apply)
The key is that the 1x configuration on the port has to be configured to support multi-host (authenticate each device individually vs. port-mode which will open the port after it's authenticated).
aaa port-access authenticator <interface(s)>
aaa port-access authenticator <interface(s)> client-limit <limit>
aaa port-access mac-based <interfaces(s)>
If you try to enable mac-based on the port prior to specifying the port for 1x multi-host you will get an error. The 2 conflict as 1x port based will authenticate the port for all once authenticated.
you also need aaa port-access authenticator active
(and the appropriate radius configuration)
Hope it helps