VOIPaintEASY
IS-IT--Management
Thinking about using port auth. for security reasons on a floor with public access to live ports. Anyone have some expertise in the Baystack setup with a Radius server?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Anyone running 802.1x auth. on Baystack? 1
- Thread starter VOIPaintEASY
- Start date
- Status
MikeDelorie
Technical User
I hope this isn't reviving too stale of a thread, but it's further to this topic.
We're looking to set up a similar configuration. Our problem, however, is that we have Nortel i2002 phones attached to these switches with PCs attached to the phones. According to the documentation I've read for version 3.6 of the Baystack software, only one MAC address is permitted through the controlled port once it is authorized. Is this in fact the case? Does anyone have any suggestions for alternate configurations?
Our primary aim here is to prevent "guests" from accessing our LAN by unplugging one of our enterprise PCs from the phone (or wall jack) and plugging in their own computers.
Thanks!
We're looking to set up a similar configuration. Our problem, however, is that we have Nortel i2002 phones attached to these switches with PCs attached to the phones. According to the documentation I've read for version 3.6 of the Baystack software, only one MAC address is permitted through the controlled port once it is authorized. Is this in fact the case? Does anyone have any suggestions for alternate configurations?
Our primary aim here is to prevent "guests" from accessing our LAN by unplugging one of our enterprise PCs from the phone (or wall jack) and plugging in their own computers.
Thanks!
-
1
- #4
Hi Mike,
I assume you have a baystack like a 470. By default, the ports only allow one authenticated device to work. There is a command "eapol multihost <port> enable [eap-mac-max <1-32>]. This allows you to specify how many hosts per port are allowed to run EAP authentication. Therefore if you set it to 2, your PC and IP phone can both authenticate. You can also set this via JDM by editing the port and going to the EAP tabs. Hope that helps.
Alan
I assume you have a baystack like a 470. By default, the ports only allow one authenticated device to work. There is a command "eapol multihost <port> enable [eap-mac-max <1-32>]. This allows you to specify how many hosts per port are allowed to run EAP authentication. Therefore if you set it to 2, your PC and IP phone can both authenticate. You can also set this via JDM by editing the port and going to the EAP tabs. Hope that helps.
Alan
MikeDelorie
Technical User
Excellent. I'll investigate that. Thank you very much.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question