802.1x authentication - HP Procurve network
I would like to set up 802.1x authentication for my wired HP Procurve network (I've already got it up and running on my wireless network).
I've got an HP Procurve LAN and use NPS on 2008R2 to do the RADIUS side of things. It uses machine-based AD authentication (e.g. checks that the machine is a member of the domain before authenticating it).
I know how to set up bog-standard 802.1x machine authentication for wired connections but my brain is starting to hurt when I think about these things:
1. How do I deal with non-802.1x compliant devices (such as printers, VoIP phones... etc.)? It would be nice if NPS could do AD-authentication or MAC-address authentication to cater for this. What do other people do?
2. I'm doing a VoIP roll-out over the summer... can I set up my HP network to authenticate two devices on one port? e.g. the VoIP phone would need to be MAC-address authenticated, but if a PC is plugged into the onboard switch could that then be authenticated using AD-authentication?
2a. ...and would each device be put into a separate VLAN?
3. FOG server... obviously I'll still need to allow PXE booting for FOG devices. I'm guessing that I could probably do this with an unauthenticated VLAN and put an ACL in place to allow VLAN routing to my FOG server. Has anyone done this?
Thanks in advance to any replies,