HP ProCurve 6400cl Series Access Security Manual page 288
Hide thumbs
Also See for ProCurve 6400cl Series:
- Management and configuration manual (508 pages) ,
- Installation and getting started manual (84 pages) ,
- Management manual (664 pages)
Table of Contents
Advertisement
Configuring Port-Based and Client-Based Access Control (802.1X)
General Setup Procedure for Port-Based Access Control (802.1X)
N o t e
10-14
1. Enable 802.1X authentication on the individual ports you want to serve as
authenticators. On the ports you will use as authenticators, either accept
the default 802.1X settings or change them, as necessary. Note that, by
default, the port-control parameter is set to auto for all ports on the switch.
This requires a client to support 802.1X authentication and to provide valid
credentials to get network access. Refer to page 10-15.
2. If you want to provide a path for clients without 802.1X supplicant
software to download the software so that they can initiate an authenti
cation session, enable the 802.1X Open VLAN mode on the ports you want
to support this feature. Refer to page 10-21.
3. Configure the 802.1X authentication type. Options include:
•
Local Operator username and password (the default). This option
allows a client to use the switch's local username and password as
valid 802.1X credentials for network access.
•
EAP RADIUS: This option requires your RADIUS server application
to support EAP authentication for 802.1X.
•
CHAP (MD5) RADIUS: This option requires your RADIUS server
application to support CHAP (MD5) authentication.
Refer to page 10-19.
4. If you select either eap-radius or chap-radius for step 3, use the radius host
command to configure up to three RADIUS server IP address(es) on the
switch. See page 10-20.
5. Enable 802.1X authentication on the switch. See page 10-15.
6. Test both the authorized and unauthorized access to your system to
ensure that the 802.1X authentication works properly on the ports you
have configured for port-access.
If you want to implement the optional port security feature (step 7) on the
switch, you should first ensure that the ports you have configured as 802.1X
authenticators operate as expected.
7. If you are using Port Security on the switch, configure the switch to allow
only 802.1X access on ports configured for 802.1X operation, and (if
desired) the action to take if an unauthorized device attempts access
through an 802.1X port. Refer to page 10-36.
8. If you want a port on the switch to operate as a supplicant on a port
operating as an 802.1X authenticator on another device, then configure
the supplicant operation. (Refer to "Configuring Switch Ports To Operate
As Supplicants for 802.1X Connections to Other Switches" on page 10-38.)
Advertisement
Table of Contents
