HP ProCurve 9304M Security Manual page 97

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

At the dot1x configuration level, you can enable 802.1X port security on all interfaces at once, on individual

interfaces, or on a range of interfaces.

For example, to enable 802.1X port security on all interfaces on the device, enter the following command:

ProCurveRS(config-dot1x)# enable all

Syntax: [no] enable all

To enable 802.1X port security on interface 3/11, enter the following command:

ProCurveRS(config-dot1x)# enable ethernet 3/11

Syntax: [no] enable <portnum>

To enable 802.1X port security on interfaces 3/11 through 3/16, enter the following command:

ProCurveRS(config-dot1x)# enable ethernet 3/11 to 3/16

Syntax: [no] enable <portnum> to <portnum>

Setting the Port Control

To activate authentication on an 802.1X-enabled interface, you specify the kind of port control to be used on the

interface. An interface used with 802.1X port security has two virtual access points: a controlled port and an

uncontrolled port.

•

The controlled port can be either the authorized or unauthorized state. In the authorized state, it allows

normal traffic to pass between the Client and the Authenticator. In the unauthorized state, it allows no traffic

to pass through.

•

The uncontrolled port allows only EAPOL traffic between the Client and the Authentication Server.

See Figure 4.3 on page 4-4 for an illustration of this concept.

By default, all controlled ports on the device are in the authorized state, allowing all traffic. When you activate

authentication on an 802.1X-enabled interface, its controlled port is placed in the unauthorized state. When a

Client connected to the interface is successfully authenticated, the controlled port is then placed in the authorized

state. The controlled port remains in the authorized state until the Client logs off.

To activate authentication on an 802.1X-enabled interface, you configure the interface to place its controlled port in

the authorized state when a Client is authenticated by an Authentication Server. To do this, enter commands such

as the following.

ProCurveRS(config)# interface e 3/1

ProCurveRS(config-if-3/1)# dot1x port-control auto

Syntax: [no] dot1x port-control [force-authorized | force-unauthorized | auto]

When an interface's control type is set to auto, the its controlled port is initially set to unauthorized, but is changed

to authorized when the connecting Client is successfully authenticated by an Authentication Server.

The port control type can be one of the following:

force-authorized – The port's controlled port is placed unconditionally in the authorized state, allowing all traffic.

This is the default state for ports on the HP device.

force-unauthorized – The controlled port is placed unconditionally in the unauthorized state.

auto – The controlled port is unauthorized until authentication takes place between the Client and Authentication

Server. Once the Client passes authentication, the port becomes authorized. This has the effect of activating

authentication on an 802.1X-enabled interface.

June 2005

Configuring 802.1X Port Security

4 - 11

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 97

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents