Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
GS108T port authentication with 802.1x problem
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2009-08-25
03:11 AM
2009-08-25
03:11 AM
Recently I bought a couple of GS108T switches that I'm supposed to use together with 802.1x authentication.
I set up a PKI structure that worked good and used NPS (network policy server) on Win 2k8 to manage the 802.1x.
It didn't work, and after a while when I tried tried and tried again I decided to call the Netgear support here i Sweden. I asked them how long the PKI-keyes for the certificates can be (2048 or 4096-bit or something like that). They started a case and now I got an answer:
"Notes added by 30002
GS108T and all smart switches only allow port authetication using MD5
Certificate based port authetication is not supported.
To have suppport you need managed switch"
Now two questions:
1) Isn't GS108T a managed switch?
2) I now certificates aren't supporter, which are the options that I can use instead for 802.1x? Please give me some examples/ideas 🙂
Thanks!
/Calle
I set up a PKI structure that worked good and used NPS (network policy server) on Win 2k8 to manage the 802.1x.
It didn't work, and after a while when I tried tried and tried again I decided to call the Netgear support here i Sweden. I asked them how long the PKI-keyes for the certificates can be (2048 or 4096-bit or something like that). They started a case and now I got an answer:
"Notes added by 30002
GS108T and all smart switches only allow port authetication using MD5
Certificate based port authetication is not supported.
To have suppport you need managed switch"
Now two questions:
1) Isn't GS108T a managed switch?
2) I now certificates aren't supporter, which are the options that I can use instead for 802.1x? Please give me some examples/ideas 🙂
Thanks!
/Calle
Solved! Go to Solution.
Message 1 of 8
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2011-08-19
02:25 PM
2011-08-19
02:25 PM
NogNeetMachinaal wrote: Hello,
What settings did you use on all three for making this work?
For now, I would settle for EAP-MD5.
Grtz - Will
You have to unlock EAP-MD5 in 2008 Server and then choose it in Network Policy Server as authentication option.
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/e801bdac-9347-4efb-9d7c-bcf4d64...
I think they have removed it in Server 2008 R2 though.
Message 8 of 8
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2009-08-25
05:21 AM
2009-08-25
05:21 AM
Re: GS108T port authentication with 802.1x problem
you can use md5 instead of certificates (md5 is way less secure of course). the only switches that support eap (what you want to use) are the big 7000 series switches.
polecats wrote: Recently I bought a couple of GS108T switches that I'm supposed to use together with 802.1x authentication. I set up a PKI structure that worked good and used NPS (network policy server) on Win 2k8 to manage the 802.1x. It didn't work, and after a while when I tried tried and tried again I decided to call the Netgear support here i Sweden. I asked them how long the PKI-keyes for the certificates can be (2048 or 4096-bit or something like that). They started a case and now I got an answer: "Notes added by 30002 GS108T and all smart switches only allow port authetication using MD5 Certificate based port authetication is not supported. To have suppport you need managed switch" Now two questions: 1) Isn't GS108T a managed switch? 2) I now certificates aren't supporter, which are the options that I can use instead for 802.1x? Please give me some examples/ideas :) Thanks! /Calle
Message 2 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2009-08-25
05:25 AM
2009-08-25
05:25 AM
Re: GS108T port authentication with 802.1x problem
No - the GS108T is not a managed switch, it's what's called a SmartSwitch, in that it has limited management capabilties, rather than being fully managed. It is also significantly cheaper.
I've only used 802.1x authentication in a wireless environment so I can't assist with the second question.
I've only used 802.1x authentication in a wireless environment so I can't assist with the second question.
Message 3 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2009-08-25
07:11 AM
2009-08-25
07:11 AM
Re: GS108T port authentication with 802.1x problem
Thanks for the replies.
It's only the FSMxxxx switches that support EAP certificates? (where the "M" in FSM stands for managed)
There are NO information about this in the specification pages or any of the manuals for both the GS108T and the FS728TS switches. How am I able to figure this out before purchasing? The specs says "IEEE 802.1x".
Now I have 7 GS108T and 2 FS728TS, that I'm not sure that I can use together with Server 2008 Network Policy Server... Can I?
Big problem right now...
It's only the FSMxxxx switches that support EAP certificates? (where the "M" in FSM stands for managed)
There are NO information about this in the specification pages or any of the manuals for both the GS108T and the FS728TS switches. How am I able to figure this out before purchasing? The specs says "IEEE 802.1x".
Now I have 7 GS108T and 2 FS728TS, that I'm not sure that I can use together with Server 2008 Network Policy Server... Can I?
Big problem right now...
Message 4 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2009-08-25
09:18 AM
2009-08-25
09:18 AM
Re: GS108T port authentication with 802.1x problem
beisser wrote: you can use md5 instead of certificates (md5 is way less secure of course).
the only switches that support eap (what you want to use) are the big 7000 series switches.
Isn't MD5 Challenge an EAP part?
Which MD5 auth am I supposed to use?
Thanks.
Message 5 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2009-08-26
10:14 AM
2009-08-26
10:14 AM
Re: GS108T port authentication with 802.1x problem
OK, I'm back.
Now I've got the EAP-MD5 auth to work Win2k8Srv - GS108T - XP client. The problem is that you can't save the password. This means that when you've restared the client you cannot log on as domain user, the port hasn't been authorized. This seems like a big limitation... gaaah. Does anyone have a solution?
I can't understand why cert isn't an option for the switch.
Now I've got the EAP-MD5 auth to work Win2k8Srv - GS108T - XP client. The problem is that you can't save the password. This means that when you've restared the client you cannot log on as domain user, the port hasn't been authorized. This seems like a big limitation... gaaah. Does anyone have a solution?
I can't understand why cert isn't an option for the switch.
Message 6 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2011-06-12
02:30 PM
2011-06-12
02:30 PM
Re: GS108T port authentication with 802.1x problem
Hello, What settings did you use on all three for making this work? For now, I would settle for EAP-MD5. Grtz - Will
polecats wrote: OK, I'm back. Now I've got the EAP-MD5 auth to work Win2k8Srv - GS108T - XP client.
Message 7 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2011-08-19
02:25 PM
2011-08-19
02:25 PM
NogNeetMachinaal wrote: Hello,
What settings did you use on all three for making this work?
For now, I would settle for EAP-MD5.
Grtz - Will
You have to unlock EAP-MD5 in 2008 Server and then choose it in Network Policy Server as authentication option.
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/e801bdac-9347-4efb-9d7c-bcf4d64...
I think they have removed it in Server 2008 R2 though.
Message 8 of 8