HPE FlexNetwork 7500 Series Security Configuration Manual page 86

• Use MAC-based access control on GigabitEthernet 1/0/1 to authenticate all 802.1X users on the port separately.
• Include domain names in the usernames sent to the RADIUS server.
• On the RADIUS server, perform the following tasks:
  • Add a service that assigns authenticated users to VLAN 4.
  • Configure a user account named dot1x@bbb and assign the service to the user.
• Set the shared keys to expert for secure RADIUS communication. Set the ports for authentication and accounting to 1812 and 1813, respectively.
Figure 23 Network diagram (image not reproduced; host label: 802.1X user)
Configuration procedure
1. Configure interfaces and VLANs, so the host promptly obtains a new IP address to access resources in the authorized VLAN after passing authentication. (Details not shown.)
2. If you are using IMC PLAT 5.0, configure the RADIUS server as follows:
NOTE: In this section, IMC UAM 5.0 (E0101) is used as the authentication and accounting RADIUS server. IMC UAM 5.0 (E0101) is running on IMC PLAT 5.0 (E0101).
# Add the switch to the IMC Platform as an access device.
Log in to IMC, click the Service tab, and select User Access Manager > Access Device Management > Access Device from the navigation tree. Then, click Add to configure an access device as follows:
a. Set the shared key for secure authentication and accounting communication to expert.
b. Set the ports for authentication and accounting to 1812 and 1813, respectively.
c. Select LAN Access Service from the Service Type list.
d. Select HP(Comware) from the Access Device Type list.
e. Select the access device from the device list or manually add the device with IP address 10.1.1.2.
f. Use the default values for other parameters and click OK.
The IP address of the access device specified here must be the same as the source IP address of the RADIUS packets sent from the switch. The source IP address is chosen in the following order on the switch:
• IP address specified by the nas-ip command.
• IP address specified by the radius nas-ip command.
• IP address of the outbound interface (the default).
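
Why the access device IP must match, as an added Python example (not from the HPE manual and not IMC code): a RADIUS server selects the shared key by the packet's source IP (RFC 2865) and then verifies the Message-Authenticator attribute (RFC 3579) with that key. The `ACCESS_DEVICES` table, the function names and the address 10.1.3.2 are constructed for illustration; the selection order, the key, the username and 10.1.1.2 come from this page.

```python
import hashlib
import hmac
import os
import struct

# Constructed server-side table: registered access device IP -> shared key.
ACCESS_DEVICES = {"10.1.1.2": b"expert"}

def radius_source_ip(scheme_nas_ip, global_nas_ip, outbound_if_ip):
    """Order from the page: nas-ip, then radius nas-ip, then outbound interface."""
    return scheme_nas_ip or global_nas_ip or outbound_if_ip

def build_access_request(identifier, username, secret):
    """Access-Request (code 1) with User-Name (1) and Message-Authenticator (80)."""
    user = username.encode()
    attrs = struct.pack("!BB", 1, 2 + len(user)) + user
    attrs += struct.pack("!BB", 80, 18) + bytes(16)  # MAC field zeroed while signing
    header = struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def server_accepts(src_ip, packet):
    """Pick the shared key by packet source IP, then verify the HMAC-MD5 value."""
    secret = ACCESS_DEVICES.get(src_ip)
    if secret is None:
        return (False, "unknown access device")
    if len(packet) < 20:
        return (False, "malformed packet")
    end = struct.unpack("!H", packet[2:4])[0]
    if end > len(packet):
        return (False, "malformed packet")
    pos = 20
    while pos + 2 <= end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            return (False, "malformed attribute")
        if atype == 80 and alen == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:end]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            if hmac.compare_digest(expected, packet[pos + 2:pos + 18]):
                return (True, "ok")
            return (False, "shared key mismatch")
        pos += alen
    return (False, "no Message-Authenticator")

if __name__ == "__main__":
    pkt = build_access_request(1, "dot1x@bbb", b"expert")
    for src in (radius_source_ip(None, None, "10.1.1.2"),        # matches the IMC entry
                radius_source_ip("10.1.3.2", None, "10.1.1.2")):  # constructed mismatch
        print(src, server_accepts(src, pkt))
```

A request signed with the right key is still rejected when a nas-ip setting makes the switch send from an address the server has no entry for, which is the failure the paragraph above guards against.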
[Figure 23 labels: RADIUS server 10.1.1.1/24; Vlan-int3 10.1.1.2/24; Vlan-int4; Vlan-int2; GE1/0/1; Switch; Internet]