Port Security Or 802.1X Authentication On Non-Server Network

I have a closed network of 3 switches and 40 computers. 35 of those computers (Windows 7 x64 Professional) need to be plugged into any of the 24 ports on 2 of the switches at any time depending on the need and location of the user. I want to secure the switch to only allow these specific computers to connect. If another computer plugs in I want the switch to disable the port.



On previous small networks with no movement I configured each port with Port Security and the correct MAC address of the computer. But for this I have more MACs than the Port Security table can handle. I was thinking about using 802.1X, but I don't have a router on this system, which I am told I need for 802.1X. When I Google information for 802.1X configuration I end up with a lot of information on wireless, which we don't use.



So my question is: can I do 802.1X without a router, and if so, is there information on how to configure a server if needed? I have the switches set up with RADIUS authentication to access the SSH and console, which works great.



Switches are HP ProCurve 2910al-24G.

















      mac-address hp-procurve authentication port-security radius














      edited 2 hours ago









      Zac67











      asked 3 hours ago









      JukEboX





















          1 Answer













          The 2910al supports 802.1X port security as authenticator, using RADIUS over EAP or PEAP. Depending on your exact goals, an additional router is not required but you do need a RADIUS server. Check the 2910's "Access and Security Guide" chapter 13. If you've got nothing local to use as a RADIUS server you'll need a router to connect elsewhere - however, you can also set up something like a Raspberry Pi for RADIUS.



          MAC authentication is also possible in combination with RADIUS, see chapter 3. The 2910 can also use standalone Local MAC Authentication (LMA, chapter 4). I haven't done that yet and the manual doesn't list any table size restrictions, so you might need to give it a try.
















                answered 2 hours ago









                Zac67
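
An added example, not part of the original answer: for the RADIUS-backed MAC authentication option, this script turns a mixed-format MAC inventory into FreeRADIUS `users` entries. The choice of FreeRADIUS, the address-format names, and the switch sending the MAC as both user name and password are assumptions to check against the Access and Security Guide.

```python
import re

# Assumed delimiter styles, modelled on the switch's MAC address-format
# setting; confirm the exact names in the Access and Security Guide.
FORMATS = {
    "no-delimiter": lambda h: h,
    "single-dash": lambda h: h[:6] + "-" + h[6:],
    "multi-dash": lambda h: "-".join(h[i:i + 2] for i in range(0, 12, 2)),
    "multi-colon": lambda h: ":".join(h[i:i + 2] for i in range(0, 12, 2)),
}

def normalize_mac(raw, fmt="no-delimiter"):
    """Rewrite raw in fmt; raise ValueError unless it is a unicast 48-bit MAC."""
    hexed = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexed):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    if int(hexed[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"group (multicast/broadcast) address: {raw!r}")
    return FORMATS[fmt](hexed)

def build_users_entries(inventory, fmt="no-delimiter"):
    """Return (entries, rejected); entries are 'users' lines, one per unique MAC."""
    seen, entries, rejected = set(), [], []
    for raw in inventory:
        try:
            mac = normalize_mac(raw, fmt)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if mac in seen:  # same adapter listed twice in different notations
            continue
        seen.add(mac)
        # Assumption: the switch sends the MAC as both User-Name and password.
        entries.append(f'{mac} Cleartext-Password := "{mac}"')
    return entries, rejected

# Constructed sample inventory (not real hosts).
SAMPLE = ["00-1A-2B-3C-4D-5E", "001a.2b3c.4d5e", "00:1a:2b:3c:4d:5f",
          "01:00:5e:00:00:01", "not-a-mac"]

if __name__ == "__main__":
    entries, rejected = build_users_entries(SAMPLE)
    print("\n".join(entries))
    for reason in rejected:
        print("rejected:", reason)
```

A MAC address is only a claimed identifier and can be copied from an allowed machine, so 802.1X with per-machine credentials is the stronger of the two options the answer lists.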




























                     
