Configuring 802.1X
This chapter describes how to configure 802.1X on an HP device. You can also configure the port security
feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication. It
applies to a network that requires different authentication methods for different users on a port. It is
described in
HP implementation of 802.1X
HP implements port-based access control as defined in the 802.1X protocol, and extends the protocol to
support MAC-based access control.
Port-based access control—Once an 802.1X user passes authentication on a port, any subsequent
•
user can access the network through the port without authentication. When the authenticated user
logs off, all other users are logged off.
MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
•
no other online users are affected.
Configuration prerequisites
•
Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
If RADIUS authentication is used, create user accounts on the RADIUS server.
•
If local authentication is used, create local user accounts on the access device and set the service
•
type to lan-access.
For more information about RADIUS client configuration, see
802.1X configuration task list
Tasks at a glance
(Required.)
(Required.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
"Configuring port
security."
Enabling 802.1X
Enabling EAP relay or EAP termination
Setting the port authorization state
Specifying an access control method
Setting the maximum number of concurrent 802.1X users on a port
Setting the maximum number of authentication request attempts
Setting the 802.1X authentication timeout timers
Configuring the online user handshake feature
Configuring the authentication trigger feature
Specifying a mandatory authentication domain on a port
"Configuring
70
AAA."