I have a closed network of 3 switches and 40 computers. 35 of those computers (Windows 7 x64 Professional) need to be plugged into any of the 24 ports on 2 of the switches at any time depending on the need and location of the user. I want to secure the switch to only allow these specific computers to connect. If another computer plugs in I want the switch to disable the port.
On previous small networks with no movement I configured each port with Port Security and the correct MAC Address of the computer. But for this I have more MACs than the Port Security table can handle. I was thinking about using 802.1X but I don't have a router on this system of which I am told I need for 802.1X. When I Google information for 802.1X configuration I end up with a lot of information on Wireless of which we don't use.
So my question is can I do 802.1X without a router and if so is there information on how to configure a server if needed? I have the switches setup with RADIUS authentication to access the SSH and console which works great.
Switches are HP ProCurve 2910al-24G.
Best Answer
The 2910al supports 802.1X port security as authenticator, using RADIUS over EAP or PEAP. Depending on your exact goals, an additional router is not required but you do need a RADIUS server. Check the 2910's "Access and Security Guide" chapter 13. If you've got nothing local to use as a RADIUS server you'll need a router to connect elsewhere - however, you can also set up something like a Raspberry Pi for RADIUS.
MAC authentication is also possible in combination with RADIUS, see chapter 3. The 2910 can also use standalone Local MAC Authentication (LMA, chapter 4). I haven't done that yet and the manual doesn't list any table size restrictions, so you might need to give it a try.