Anybody know of a 5-ish port hub that will do EAP-TLS?

[Brazen]

Sometimes, we run out of jacks and as a temporary/semi-permanent measure we stick in a little 5 port hub to split the connections. We are wanting to start using EAP-TLS though and so (if I understand correctly) any little hubs we put in will need to support EAP-TLS. Anybody know of such hubs? Preferably fairly inexpensive.

Maybe the best thing to do is get like a linksys router and use OpenWRT?

 

[nightowl]

What switch infrastructure are you using to support 802.1x? Some Cisco switches have the ability to authenticate multiple users as they appear on a port. Authentication is done on a per mac-address basis. Other than that you are going to have a hard time finding a 5 port switch that supports 802.1x.

 

[Brazen]

I'm using Dell switches but I have not had time to even start setting it up yet. If I plugged in a switch that did not support EAP-TLS couldn't anything be plugged into that switch then?

 

[nightowl]

I am not familar with how Dell switches work but normal operation that I have seen is that once a second mac-address shows up on a port the port is disabled.

 

[Brazen]

Honestly, I don't have a clue how this stuff works

 

[cmetz]

Brazen, you can allow multiple 802.1x clients downstream of most 802.1x capable switches. The Dells allow this.

It's not a very secure way to do things, though. Kinda defeats the purpose.

 

[Brazen]

Originally posted by: cmetz
Brazen, you can allow multiple 802.1x clients downstream of most 802.1x capable switches. The Dells allow this.

It's not a very secure way to do things, though. Kinda defeats the purpose.

Do you mean that even though we would put in a dumb 5 port hub, the computer's connected to that 5 port hub would still need to authenticate through 802.1x in order to talk to computers through the Dell?

 

[cmetz]

Yes. However, the Dell needs to be configured to allow multiple 802.1x clients to be behind a port (the Dells have an option for this) and you lose security, because if PC #1 behind the hub authenticates, PC #2 behind the hub also has access to the same VLAN (I haven't tested this, but this my understanding).

 

[Brazen]

Originally posted by: cmetz
Yes. However, the Dell needs to be configured to allow multiple 802.1x clients to be behind a port (the Dells have an option for this) and you lose security, because if PC #1 behind the hub authenticates, PC #2 behind the hub also has access to the same VLAN (I haven't tested this, but this my understanding).

So if one PC connected to the dumb hub authenticates, then ANY PC can connect into the dumb hub and communicated without authentication?

 

[cmetz]

yes.

 

[Brazen]

Originally posted by: cmetz
yes.

yeah, that's exactly what I'm trying to avoid. I think if I can't find a small hub with 802.1x, I'm just going to use OpenWRT.