- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
802.1X-mac-based authentification for multiple device per port
I need to do next configuration for two 802.1x devices per single fortiswitch port:
- ipphone with EAP-MD5 802.1x authentification;
- PC behind the phone with EAP-TLS certificate based authentification.
As I understand I need configure 802.1X-mac-based authentification on port for this scheme. Shoud it works without keeping all devices mac-address database on RADIUS server?
Thanks.
Solved! Go to Solution.
- Labels:
-
FortiSwitch
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The mac-based vs port-based authorization is a distinction between whether each and every unique MAC address needs to perform 802.1x authentication separately to gain access (mac-based) when connected to this same switch-port, or whether a single device authenticating will authorize the entire switch-port for access, allowing devices with other MAC address to pass traffic through the switch-port. (port-based).
MAC-authentication bypass (MAB) is a separate concept, available for both modes, optional.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The mac-based vs port-based authorization is a distinction between whether each and every unique MAC address needs to perform 802.1x authentication separately to gain access (mac-based) when connected to this same switch-port, or whether a single device authenticating will authorize the entire switch-port for access, allowing devices with other MAC address to pass traffic through the switch-port. (port-based).
MAC-authentication bypass (MAB) is a separate concept, available for both modes, optional.
Created on ‎01-16-2024 04:48 AM Edited on ‎01-16-2024 04:49 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks a lot. Now it's clear for me.
