Hi!
We have several locations containing one or more core switches and 4-5 edge switches w/ PoE and access points connected.
In order to prevent unauthorised access to any of the open switches or access points we decided to secure the access ports.
We implemented 802.1x EAP-RADIUS and added every computer and printer to our active directory w/ MAC-addresses.
The devices successfully authenticates to the Windows Server 2019 NPS server, but the problem is how to secure the access ports switch-switch and AP-switch.
I tried to configure one switch's uplink port as supplicant, but since it uses the the MD5 protocol the NPS server denies access due to an obsolete EAP protocol.
The same issue happens when i configure the APs as supplicants since they also authenticates by MD5.
I tried to set the uplink port on switch 1 at "static mac" so that the first connected device (switch 2) unlocks the port, but the clients on switch 2 can't get any traffic through so I don't think that this solution will work on the connected APs either.
Does anyone have a suitable solution for this?
We use HPE 2530 PoE switches and Ruckus R510 APs
------------------------------
Daniel Nordin
------------------------------