Business Community > Switches > 802.1x port configuration uplink (supplicant for another switch)
< Switches

802.1x port configuration uplink (supplicant for another switch)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

802.1x port configuration uplink (supplicant for another switch)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
802.1x port configuration uplink (supplicant for another switch)
802.1x port configuration uplink (supplicant for another switch)
2019-09-19 05:12:00
Model: T2600G-52TS(TL-SG3452)  
Hardware Version: V3
Firmware Version:

Hi, i need to secure my network but in other configuration then the provided examples.
I have succesfully configured one switch and the clients are connecting using 802.1x succesfully. 
The problem is that i need to secure a diffrent room at he office and the only way i could connect the second switch is behind the first one, and i can not phisically secure it.
So, how can i put the uplink port of the second switch to authenticate in a port of the first one?

This is an example that i could find:

I think i need to do something like this ..but how...
https://techhub.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch13s08.html
Thank you very much.

  0      
 
  0      
 
#1
Options
6 Reply
Re:802.1x port configuration uplink (supplicant for another switch)
2019-09-20 10:54:47

@mdalacu 

 

In your topology, you should disable 802.1x for port A1 and port B5. Because your switch A need to communicate with radius server.

You can enable 802.1x for other ports on switch A, the clients connected to those ports need to be authorized.

  0  
  0  
#2
Options
Re:802.1x port configuration uplink (supplicant for another switch)
2019-09-20 14:27:47

@Andone Yes, this is my real problem because switch A is not in a secure space...I need to authenticate port B5 with A1..is this possible with Tplink switches? On other brands you can designate a port to be supplicant for anoter 8201.x NAS client...

  0  
  0  
#3
Options
Re:802.1x port configuration uplink (supplicant for another switch)
2019-09-22 09:28:26

@mdalacu So, no other ideeas for how can i achive this? 
Thanks

  0  
  0  
#4
Options
Re:802.1x port configuration uplink (supplicant for another switch)
2019-09-23 07:29:03

@mdalacu 

I remember that Cisco also recommend to disable 802.1x for the port which connected to anoter 8201.x NAS client.

And when you disable 802.1x for Port B5 and Port A1, and enable 802.1x for other ports, your network is still working safely. Because all devices connected to switch A need to be authorized. Disable 802.1x for Port B5 and Port A1 just for let the 802.1x authentication information can pass switch A and switch B to radius server, otherwise, the authentication data will be blocked.  

 

Actually I think there are two ways, you can disable 802.1x for Port B5 and Port A1, you also can enable 802.1x for Port B5 and disable 802.1x for all ports of switch A. But switch B need to support 802.1x authentication based MAC address, then every devices connected to switch A need to be authorized as well. 

  0  
  0  
#5
Options
Re:802.1x port configuration uplink (supplicant for another switch)
2019-09-23 08:28:28

@Andone Yes, this could be a solution "But switch B need to support 802.1x authentication based MAC address, then every devices connected to switch A need to be authorized as well"

The problem is that FreeRadius implementation in pfSense is expecting MAC password and username to be in format xx-xx-xx-xx-xx-xx and TPLink Switches sent this like XXXXXXXXXXXX. I need to find the right file to patch this..:/

Thanks for your answer...still digging!

  0  
  0  
#6
Options
Re:802.1x port configuration uplink (supplicant for another switch)
2019-09-24 08:54:50

 

If you use MAB, then you need to set MAC password and username to be in format xx-xx-xx-xx-xx-xx. MAB is usually used for the device which do not support 802.1x client. 

 

If you set port method as MAC based, then all the clients connected to this switch port need to pass authentication. The clients still need to use 802.1x client to login.

 

So MAB(MAC authentication bypass) is different from MAC Based port method. Just choose the feature which can meet your demand.

 

@mdalacu 

  0  
  0  
#7
Options

Information

Helpful: 0

Views: 2383

Replies: 6

Related Articles
VLAN 802.1Q config questions (uplink port config / reaching web interface)
749 0
Configuracion 802.1x y Radius con Active Directory
805 0
802.1x with machine authentication: switch doesn't initiate RADIUS comm with NPS server
3531 0
SSL configuration on T2600G-52TS 3.0
1890 0
Where is the uplink port?
2694 0
Unable to understand to configure an interswitch connection (uplink, trunk) for several VLANs
804 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.