Issue
Do the SpaceLogic controllers MPx/RPx support network authentication via Radius Server (IEEE 802.1X)?
Product Line
EcoStruxure Building Operation
Environment
- Building Operation Multi-purpose Controller
- Building Operation Room Controller
Cause
As noted in the AS supports network authentication via Radius Server (IEEE 802.1X) Knowledge Base article the Automation Servers (AS-P, AS-B) support the 802.1x protocol.
The SpaceLogic controllers MPx/RPx do not support it.
Resolution
Since the SpaceLogic controllers MPx/RPx do not support 802.1x network authentication, alternative mechanisms must be provided to authenticate MPx/RPx controllers.
The SpaceLogic controllers MPx/RPx send a gratuitous ARP containing the device MAC address on start up and it is possible to use the MAC Authentication Bypass (MAB) option on the network switch.
When MAB is configured on a port, that port will first try to check if the connected device is 802.1X compliant, and if no reaction is received from the connected device, it will try to authenticate with the AAA server using the connected device's MAC address as username and password. The network administrator then must make provisions on the RADIUS server to authenticate those MAC-addresses, either by adding them as regular users, or implementing additional logic to resolve them in a network inventory database. Many managed Ethernet switches offer options for this.
