HP ProCurve 9304M Security Manual page 96

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

Security Guide for ProCurve 9300/9400 Series Routing Switches

•

"Specifying the Security Hold Time" on page 4-13 (optional)

•

"Specifying a Timeout for Retransmission of EAP-Request Frames to the Client" on page 4-14 (optional)

•

"Allowing Access to Multiple Hosts" on page 4-14 (optional)

•

"Defining MAC Filters for EAP Frames" on page 4-16 (optional)

Configuring an Authentication Method List for 802.1X

To use 802.1X port security, you must specify an authentication method to be used to authenticate Clients. HP

supports RADIUS authentication with 802.1X port security. To use RADIUS authentication with 802.1X port

security, you create an authentication method list for 802.1X and specify RADIUS as an authentication method,

then configure communication between the HP device and RADIUS server.

For example:

ProCurveRS(config)# aaa authentication dot1x default radius

Syntax: [no] aaa authentication dot1x default <method-list>

For the <method-list>, enter at least one of the following authentication methods:

radius – Use the list of all RADIUS servers that support 802.1X for authentication.

none – Use no authentication. The Client is automatically authenticated without the device using information

supplied by the Client.

NOTE: If you specify both radius and none, make sure radius comes before none in the method list.

Setting RADIUS Parameters

To use a RADIUS server to authenticate access to an HP device, you must identify the server to the HP device.

For example:

ProCurveRS(config)# radius-server host 209.157.22.99 auth-port 1812 acct-port 1813

default key mirabeau dot1x

ProCurveRS(config)# radius-server host 209.157.22.99 auth-port 1812 acct-port 1813

default key mirabeau dot1x

Syntax: radius-server host <ip-addr> | <server-name> [authentication-only | accounting-only | default] [key 0 | 1

<string>] [dot1x]

The host <ip-addr> | <server-name> parameter is either an IP address or an ASCII text string.

The dot1x parameter indicates that this RADIUS server supports the 802.1X standard. A RADIUS server that

supports the 802.1X standard can also be used to authenticate non-802.1X authentication requests.

NOTE: To implement 802.1X port security, at least one of the RADIUS servers identified to the HP device must

support the 802.1X standard.

Enabling 802.1X Port Security

By default, 802.1X port security is disabled on HP devices. To enable the feature on the device and enter the

dot1x configuration level, enter the following command:

ProCurveRS(config)# dot1x-enable

ProCurveRS(config-dot1x)#

Syntax: [no] dot1x-enable

4 - 10

June 2005

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 96

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents