Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Anyone running 802.1x auth. on Baystack? 1

Status
Not open for further replies.

VOIPaintEASY

IS-IT--Management
Feb 5, 2005
100
US
Thinking about using port auth. for security reasons on a floor with public access to live ports. Anyone have some expertise in the Baystack setup with a Radius server?
 
I hope this isn't reviving too stale of a thread, but it's further to this topic.

We're looking to set up a similar configuration. Our problem, however, is that we have Nortel i2002 phones attached to these switches with PCs attached to the phones. According to the documentation I've read for version 3.6 of the Baystack software, only one MAC address is permitted through the controlled port once it is authorized. Is this in fact the case? Does anyone have any suggestions for alternate configurations?

Our primary aim here is to prevent "guests" from accessing our LAN by unplugging one of our enterprise PCs from the phone (or wall jack) and plugging in their own computers.

Thanks!
 
Hi Mike,
I assume you have a baystack like a 470. By default, the ports only allow one authenticated device to work. There is a command "eapol multihost <port> enable [eap-mac-max <1-32>]. This allows you to specify how many hosts per port are allowed to run EAP authentication. Therefore if you set it to 2, your PC and IP phone can both authenticate. You can also set this via JDM by editing the port and going to the EAP tabs. Hope that helps.
Alan
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top