This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AP3912: 802.1X and MAC-Auth parallel on wired ports ?

AP3912: 802.1X and MAC-Auth parallel on wired ports ?

Volker_Kull
Contributor

‎11-08-2018 02:33 PM

Hello !
I need 802.1X and MAC-Auth parallel on wired Ports of AP3912i. In the WLAN-Profile > Auth& Acct you can configure 802.1X and MAC-Auth with configuration of the RADIUS Servers for X and MAC. In my configuration 802.1X works perfect with rule overwrite from control ... but I see no MAC auth on clients not supporting 802.1X.
Is that supported ?
Has anybody this configuration up and running ?

Thx for information...

br
Volker
0 Kudos
4 REPLIES 4

Volker_Kull
Contributor

‎11-29-2018 11:14 AM

A short update after some lab testing and a customer project with using wired port authentication on AP3912i:
  • solo MAC or 802.1X authentication on wired ports is working via configuration of a WLAN service (I had EWC, XMC and Control running)
  • MAC bypass (no fallback!) in combination with 802.1X is working as well
  • Multi user authentication on wired ports is working but I don´t know how many devices are possible behind a single port
But, there are some important things to remember:
  • never use a session timeout in the WLAN service for wired ports other than 0 (this makes you and the customer very unhappy - I don´t know why...)
  • Using MUA on a wired port (f.e. with ip-Phone and PC) you have to remember that both devices are in the same SSID(VLAN) but with different IPs (MAC-upstreamVLAN(and IP) matching via authenticated role). Think that the switch is working like a WIFI network.
  • I could not use MAC authentication as a fallback mechanism. If the client aswer the EAPOL request and get´s a reject from RADIUS(NAC), this client cannot authenticate via MAC. I don´t know if this is FAD or a bug.
  • NO troubleshooting for wired ports, no port up/down view, no logs.... NOTHING !!!!
So this is a good product, but bad implementation for wired ports. It´s a pitty!
I have no Idea how this will work if you use the 3912i as an IOT-Defender ....

br
Volker

Ronald_Dvorak
Honored Contributor

‎11-08-2018 03:14 PM

I'm also not able to connect my Samsung TV to the 3912 using a WLAN service with privacy WPA = 802.1X + MAC auth.

I use a PSK WLAN service with MAC auth enabled with ExtremeControl in that case = PSK WLAN for other non-802.1X capable wireless clients.
0 Kudos

Ronald_Dvorak
Honored Contributor

‎11-08-2018 03:05 PM

So the WLAN service that is used is just open/none ?
0 Kudos

John_Romero
New Contributor

‎11-08-2018 03:05 PM

I am using 3912s in our dorms and I was able to get the Pass through port to work with both 802.1x and MAC auth. This is because the switch port handles the multi-auth. My p1,p2 and p3 ports are tied to a certain SSID which doesn't handle multi auth, from what I've seen.

0 Kudos
GTM-P2G8KFN