HP 5500 HI Series Configuration Manual page 205
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
[Switch] portal local-server https server-policy sslsvr
# Configure IP address 4.4.4.4 for interface loopback 12.
[Switch] interface loopback 12
[Switch-LoopBack12] ip address 4.4.4.4 32
[Switch-LoopBack12] quit
# Specify the listening IP address of the local portal server as 4.4.4.4.
[Switch] portal local-server ip 4.4.4.4
# Enable Layer-2 portal authentication on GigabitEthernet 1/0/1 and specify VLAN 2 as the
Auth-Fail VLAN, to which terminals failing authentication are added.
[Switch] interface gigabitethernet 1/0/1
[Switch–GigabitEthernet1/0/1] port link-type hybrid
[Switch–GigabitEthernet1/0/1] mac-vlan enable
[Switch–GigabitEthernet1/0/1] portal local-server enable
[Switch–GigabitEthernet1/0/1] portal auth-fail vlan 2
[Switch–GigabitEthernet1/0/1] quit
6.
Configure 802.1X authentication:
# Enable 802.1X authentication globally.
[Switch] dot1x
# Enable 802.1X authentication (MAC-based access control required) on GigabitEthernet 1/0/1,
and specify VLAN 2 as the Auth-Fail VLAN.
[Switch] interface gigabitethernet 1/0/1
[Switch–GigabitEthernet1/0/1] dot1x port-method macbased
[Switch–GigabitEthernet1/0/1] dot1x
[Switch–GigabitEthernet1/0/1] dot1x auth-fail vlan 2
[Switch–GigabitEthernet1/0/1] quit
7.
Configure MAC authentication:
# Enable MAC authentication globally.
[Switch] mac-authentication
# Enable MAC authentication on GigabitEthernet 1/0/1, and specify VLAN 2 as the Auth-Fail
VLAN
[Switch] interface gigabitethernet 1/0/1
[Switch–GigabitEthernet1/0/1] mac-authentication
[Switch–GigabitEthernet1/0/1] mac-authentication guest-vlan 2
[Switch–GigabitEthernet1/0/1] quit
8.
Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1.
[Switch] radius scheme rs1
# Specify the server type for the RADIUS scheme, which must be extended when the IMC server is
used.
[Switch-radius-rs1] server-type extended
# Specify the primary authentication and accounting servers and keys.
[Switch-radius-rs1] primary authentication 1.1.1.2
[Switch-radius-rs1] primary accounting 1.1.1.2
[Switch-radius-rs1] key authentication radius
[Switch-radius-rs1] key accounting radius
# Specify usernames sent to the RADIUS server to carry no domain names.
192
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
