HP 3500yl Series Access Security Manual page 658


Configuring Port-Based and User-Based Access Control (802.1X)
802.1X Open VLAN Mode
HP Switch(config)# aaa authentication port-access eap-radius
    Configures the switch for 802.1X authentication using an EAP-RADIUS server.
HP Switch(config)# aaa port-access authenticator a10-a20
    Configures ports A10 - A20 as 802.1X authenticator ports.
5. Test both the authorized and unauthorized access to your system to
ensure that the 802.1X authentication works properly on the ports you
have configured for port-access.
Note: If you want to implement the optional port-security feature on the switch, you
should first ensure that the ports you have configured as 802.1X authenticators
operate as expected. Then refer to "Option For Authenticator Ports: Configure
Port-Security To Allow Only 802.1X-Authenticated Devices" on page 13-48.
After you complete steps 1 and 2, the configured ports are enabled for 802.1X
authentication (without VLAN operation), and you are ready to configure
VLAN Operation.
Configuring 802.1X Open VLAN Mode. Use these commands to actually
configure Open VLAN mode. For a listing of the steps needed to prepare the
switch for using Open VLAN mode, refer to "Preparation" on page 13-42.
Syntax:
aaa port-access authenticator < port-list >
    [auth-vid < vlan-id >]
        Configures an existing, static VLAN to be the Authorized-Client VLAN.
    [unauth-vid < vlan-id >]
        Configures an existing, static VLAN to be the Unauthorized-Client VLAN.
For example, suppose you want to configure 802.1X port-access with Open
VLAN mode on ports A10 - A20 and:
- These two static VLANs already exist on the switch:
    - Unauthorized, VID = 80
    - Authorized, VID = 81
- Your RADIUS server has an IP address of 10.28.127.101. The server uses
  rad4all as a server-specific key string. The server is connected to a port on
  the Default VLAN.
- The switch's default VLAN is already configured with an IP address of
  10.28.127.100 and a network mask of 255.255.255.0.
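
A pre-change check for the scenario above, as an added example that is not from the HP manual: it reads planned `aaa port-access authenticator` lines and flags an auth-vid or unauth-vid that is not an existing static VLAN, and Open VLAN settings on ports not yet enabled as authenticators. The port-list grammar (comma lists, ranges within one slot letter), the function names, and the a21 / VLAN 82 line are assumptions constructed for illustration.

```python
import re

# Syntax from this page:
#   aaa port-access authenticator <port-list> [auth-vid <vlan-id>] [unauth-vid <vlan-id>]
PORT = r"[a-z]\d+(?:-[a-z]\d+)?"
CMD = re.compile(
    rf"aaa port-access authenticator (?P<ports>{PORT}(?:,{PORT})*)"
    r"(?P<opts>(?: (?:un)?auth-vid \d+)*)$", re.I)
OPT = re.compile(r"(unauth-vid|auth-vid) (\d+)", re.I)

def expand_ports(port_list):
    """Expand 'a10-a12,b1' to {'A10','A11','A12','B1'} (assumed port-list grammar)."""
    ports = set()
    for part in port_list.upper().split(","):
        first, _, last = part.partition("-")
        last = last or first
        if first[0] != last[0]:
            raise ValueError(f"range crosses slots: {part}")
        ports.update(f"{first[0]}{n}" for n in range(int(first[1:]), int(last[1:]) + 1))
    return ports

def audit_open_vlan(commands, static_vlans):
    """Return (per-port Open VLAN plan, findings) for a list of CLI lines."""
    enabled, plan, findings = set(), {}, []
    for raw in commands:
        line = raw.split("# ", 1)[-1].strip()    # drop a leading CLI prompt
        m = CMD.match(line)
        if not m:
            continue                             # not an authenticator port command
        ports, opts = expand_ports(m["ports"]), OPT.findall(m["opts"])
        if not opts:                             # bare form enables 802.1X on the ports
            enabled |= ports
            continue
        not_enabled = sorted(ports - enabled)
        if not_enabled:
            findings.append(f"{m['ports']}: not yet authenticator ports: {not_enabled}")
        for key, vid in opts:
            if int(vid) not in static_vlans:     # page: VLAN must already exist as static
                findings.append(f"{m['ports']}: {key.lower()} {vid} is not an existing static VLAN")
            for port in ports:
                plan.setdefault(port, {})[key.lower()] = int(vid)
    return plan, findings

# Constructed input: the page's scenario plus one deliberately wrong line (a21 / VLAN 82).
SAMPLE = [
    "HP Switch(config)# aaa authentication port-access eap-radius",
    "HP Switch(config)# aaa port-access authenticator a10-a20",
    "HP Switch(config)# aaa port-access authenticator a10-a20 unauth-vid 80",
    "HP Switch(config)# aaa port-access authenticator a10-a20 auth-vid 81",
    "HP Switch(config)# aaa port-access authenticator a21 auth-vid 82",
]
```

Calling `audit_open_vlan(SAMPLE, {80, 81})` returns the per-port VLAN plan and two findings, both for the a21 line.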
