Building policies for 802.1x and switch management

  • Question

  • I currently have a few HP ProCurve switches set up with 802.1x authentication on the access ports and am managing the authentication with a 2008R2 server with the NPS role.

    Now I would also like to use this same RADIUS server to authenticate the manager login on the switches (telnet/ssh/https) to be able to log in with certain domain accounts on the switches.

    I'm just not understanding how to separate the policies on the NPS server. Right now, for example, we have specified that a certain group (for example the group NET-USERS) of users are given access when they attempt to connect to an 802.1x port with their AD credentials.

    Now if I enable RADIUS authentication for the switch management, if a user with membership of NET-USERS tries to log in, they will also be given access to the switches. I want to be able to allow NET-USERS to only connect through 802.1x port authentication, and only a certain NET-ADMIN group to be able to authenticate for the switch management.

    I hope someone understands my issue and has a solution :-)

    Saturday, September 21, 2013 11:35 AM

Answers

  • Hi,

    Based on my knowledge, I don’t think there is a way to deal with this.

    Maybe you can create another subnet, then you can create different policies for the subnet.

    Hope this helps.

    • Marked as answer by Daniel JiSun Sunday, September 29, 2013 7:16 AM
    Tuesday, September 24, 2013 5:03 AM