Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

tquinna

13 Posts

52920

May 7th, 2006 23:00

PowerConnect 5324 + 802.1x port security

I have a Dell PowerConnect 5324 with the newest firmware and boot code.
 
I am trying to get 802.1x port authentication working with a Microsoft IAS server running on Windows Server 2003.  802.1x port authentication functions normally on the 5324 if a user performs the authentication after Windows XP is already logged into.  We are using PEAP (MSCHAPv2)
 
What we want working is machine authentication where the system authenticates to the switch and is provided network access before a user logs in.  Microsoft Windows XP is capable of this type of 802.1x authentication by providing the computer name/password to IAS.  It appears that the switch is getting confused by machine authentication where the username is of the form host/machine.domain.com.
 
I have a packet sniffer setup and when machine authentication is attempted, no traffic is sent to the IAS server at all.  When user authentication is used, everything work fine as stated above.
 
Does anyone know if the 5324 supports machine based 802.1x auth?

tquinna

13 Posts

May 12th, 2006 22:00

Hi, any progress on this one?

DELL-Adam N

128 Posts

May 15th, 2006 07:00

Hi

Basically I carried out some further testing and when machine authentication is enabled you can see the identity request and response packets being sent between the client machine and the switch but the switch never sends on the request to the IAS server. I have forwarded my findings to the software development team and I am currently waiting on the team to replicate. There is a firmware update in June which is adding further support for PEAP to the PC5324, I will find out if this will include machine authentication.


I will post once I have an update.

Regards

DELL-Adam N

128 Posts

May 15th, 2006 08:00

Ok, I have confirmation that machine based authentication should work in the next firmware release.


Regards

tquinna

13 Posts

May 15th, 2006 12:00

Thanks very much.

Do you know if the other PowerConnect managed switches will also contain this update (3448,3424 specifically)?

DELL-Adam N

128 Posts

May 15th, 2006 13:00

Hi

The PC34xx switches will also be updated with PEAP around the June / July timeframe.

Thanks

tquinna

13 Posts

May 15th, 2006 13:00

Excellent, thank you very much for your help.

jensenjk

2 Posts

September 11th, 2006 11:00

Hi, is the above mentioned firmware for the 5324 released?

 

the .47 version does not send any request to the IAS server when the workstation is sitting at logon screen (= no machine autheticaton)

 

View More

View All

No Events found!

Top