AP3912: 802.1X and MAC-Auth parallel on wired ports ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-08-2018 02:33 PM
Hello !
I need 802.1X and MAC-Auth parallel on wired Ports of AP3912i. In the WLAN-Profile > Auth& Acct you can configure 802.1X and MAC-Auth with configuration of the RADIUS Servers for X and MAC. In my configuration 802.1X works perfect with rule overwrite from control ... but I see no MAC auth on clients not supporting 802.1X.
Is that supported ?
Has anybody this configuration up and running ?
Thx for information...
br
Volker
I need 802.1X and MAC-Auth parallel on wired Ports of AP3912i. In the WLAN-Profile > Auth& Acct you can configure 802.1X and MAC-Auth with configuration of the RADIUS Servers for X and MAC. In my configuration 802.1X works perfect with rule overwrite from control ... but I see no MAC auth on clients not supporting 802.1X.
Is that supported ?
Has anybody this configuration up and running ?
Thx for information...
br
Volker
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-29-2018 11:14 AM
A short update after some lab testing and a customer project with using wired port authentication on AP3912i:
I have no Idea how this will work if you use the 3912i as an IOT-Defender ....
br
Volker
- solo MAC or 802.1X authentication on wired ports is working via configuration of a WLAN service (I had EWC, XMC and Control running)
- MAC bypass (no fallback!) in combination with 802.1X is working as well
- Multi user authentication on wired ports is working but I don´t know how many devices are possible behind a single port
- never use a session timeout in the WLAN service for wired ports other than 0 (this makes you and the customer very unhappy - I don´t know why...)
- Using MUA on a wired port (f.e. with ip-Phone and PC) you have to remember that both devices are in the same SSID(VLAN) but with different IPs (MAC-upstreamVLAN(and IP) matching via authenticated role). Think that the switch is working like a WIFI network.
- I could not use MAC authentication as a fallback mechanism. If the client aswer the EAPOL request and get´s a reject from RADIUS(NAC), this client cannot authenticate via MAC. I don´t know if this is FAD or a bug.
- NO troubleshooting for wired ports, no port up/down view, no logs.... NOTHING !!!!
I have no Idea how this will work if you use the 3912i as an IOT-Defender ....
br
Volker
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-08-2018 03:14 PM
I'm also not able to connect my Samsung TV to the 3912 using a WLAN service with privacy WPA = 802.1X + MAC auth.
I use a PSK WLAN service with MAC auth enabled with ExtremeControl in that case = PSK WLAN for other non-802.1X capable wireless clients.
I use a PSK WLAN service with MAC auth enabled with ExtremeControl in that case = PSK WLAN for other non-802.1X capable wireless clients.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-08-2018 03:05 PM
So the WLAN service that is used is just open/none ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-08-2018 03:05 PM
I am using 3912s in our dorms and I was able to get the Pass through port to work with both 802.1x and MAC auth. This is because the switch port handles the multi-auth. My p1,p2 and p3 ports are tied to a certain SSID which doesn't handle multi auth, from what I've seen.
