Network Architecture & Design

Expand all | Collapse all

WLAN 802.1x PEAP Authentication should work with first device only

Michael Kirchner

Michael Kirchner03-07-2015 13:49

M.Nees

M.Nees06-20-2017 04:10

M.Nees

M.Nees07-03-2017 16:46

  • 1.  WLAN 802.1x PEAP Authentication should work with first device only

    Posted 02-04-2015 08:40
    Is it possible the restrict and limit an sucessfull 802.1x PEAP (Username / Password) Authentication to the first device only within NAC Gateway?

    During several customer projects such a feature would be very useful.

    Regards


  • 2.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 02-04-2015 08:55
    Do you mean one concurrent active client with this username/password or the first client that ever uses that username/password....


  • 3.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 02-04-2015 08:59
    Both szenarios are valid - if i have to choose between the two - one concurrent active client would more repesent customers needs.


  • 4.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 02-11-2015 10:14
    does nobody have a solution or maybe same requirements ?

    i have several customer projects where this is a needed feature. But my recent state is that NAC Gateway have no feature that makes this possible.

    If someone have same requirements, please post this! I hope if more customers requested this possibility enterasys/extreme will think about implementing this ...


  • 5.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 02-11-2015 16:58
    You could do a Authenticated Registration portal, but it wouldn't be a .1x ssid. But you could limit the user to have only one device registered.


  • 6.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 03-07-2015 13:49
    Same request from me


  • 7.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 05-08-2015 01:12
    This is something we are needing, working in education we need to be able to limit kids to one device.


  • 8.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 06-19-2017 08:51
    Any update on this "function" ?

    As far as my Google skills go I'm not able to find a solution for it using either ExtremeControl or Windows NPS.


  • 9.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 06-20-2017 04:10
    feature is still needed ....


  • 10.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 07-03-2017 16:46
    I'll send this thread along to PLM for them to work on the feature request.


  • 11.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 07-12-2017 05:11
    You can accomplish this by chaining FreeRADIUS servers. NAC would then send to an upstream FreeRADIUS server that uses the perl_rlm module to run a call back to the NAC DB to query for existing entries to then deny or proxy the RADIUS request.
    If you are using a local DB, then enable the simultaneous-use variable and set it to 1, for only one system at a time. I believe you will need radius-accounting for this to work as well.

    Edit: This was originally written for wired, and I have removed the wired portion as it would not work for wireless.


  • 12.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 10-19-2017 12:10
    Hi Matthias,

    stupid question:
    Wouldn't your requirement be satisfied with "configure netlogin ports X allowed-users


  • 13.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 07-03-2017 16:46
    Any feedback ?


  • 14.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 07-12-2017 05:11
    Cool solution (but not useable normal customer environment)!

    How many time do you spend to write/configure the perl_rlm module ? How do you realize the NAC DB query ?

    Regards,
    Matthias


  • 15.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 07-12-2017 05:11
    I don't see why it wouldn't be usable in a customer environment.

    it can't take that long. maybe an hour or two? depends on how good you are I guess. you can use the NAC API for the query.


  • 16.  RE: WLAN 802.1x PEAP Authentication should work with first device only

    Posted 10-19-2017 12:10
    Sometimes i have several clients on one port (= desktop switch). What i avoid is that a user is using his own username + pw (of windows) several times for several devices.

    Limiting the number of clients per switch port has therefore negative effects and do not address my concern directly.

    Regards