EAPoL Configuration Guidelines - HP 438031-B21 - 1:10Gb Ethernet BL-c Switch Application Manual

HP 1:10Gb Ethernet BL-c Switch for c-Class BladeSystem Application Guide

Port-based Network Access and traffic control

Table 9 EAP support for RADIUS attributes

| # | Attribute | Attribute Value | A-R (Request) | A-A | A-C | A-R (Reject) |
|---|---|---|---|---|---|---|
| 24 | State | Server-specific value. This is sent unmodified back to the server in an Access-Request that is in response to an Access-Challenge. | 0-1 | 0-1 | 0-1 | 0 |
| 30 | Called-Station-ID | The MAC address of the authenticator encoded as an ASCII string in canonical format, e.g. 000D5622E39F. | 1 | 0 | 0 | 0 |
| 31 | Calling-Station-ID | The MAC address of the supplicant encoded as an ASCII string in canonical format, e.g. 00034B436206. | 1 | 0 | 0 | 0 |
| 79 | EAP-Message | Encapsulated EAP packets from the supplicant to the authentication server (RADIUS) and vice-versa. The authenticator relays the decoded packet to both devices. | 1+ | 1+ | 1+ | 1+ |
| 80 | Message-Authenticator | Always present whenever an EAP-Message attribute is also included. Used to integrity-protect a packet. | 1 | 1 | 1 | 1 |
| 87 | NAS-Port-ID | Name assigned to the authenticator port, e.g. Server1_Port3 | 1 | 0 | 0 | 0 |

Legend:
RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept), A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
0—This attribute MUST NOT be present in a packet.
0+—Zero or more instances of this attribute MAY be present in a packet.
0-1—Zero or one instance of this attribute MAY be present in a packet.
1—Exactly one instance of this attribute MUST be present in a packet.
1+—One or more of these attributes MUST be present.

EAPoL configuration guidelines

When configuring EAPoL, consider the following guidelines:
- The 802.1x port-based authentication is currently supported only in point-to-point configurations, that is, with a single supplicant connected to an 802.1x-enabled switch port.
- When 802.1x is enabled, a port has to be in the authorized state before any other Layer 2 feature can be operationally enabled. For example, the STG state of a port is operationally disabled while the port is in the unauthorized state.
- The 802.1x supplicant capability is not supported on the switch. Therefore, none of its ports can connect successfully to an 802.1x-enabled port of another device, such as another switch, which acts as an authenticator, unless access control on the remote port is disabled or is configured in forced-authorized mode. For example, if an HP 1:10GbE switch is connected to another HP 1:10GbE switch, and if 802.1x is enabled on both switches, the two connected ports must be configured in force-authorized mode.
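As an added illustration (not code from the HP guide), the Table 9 occurrence rules can be applied to a raw RADIUS packet to flag attributes that appear where the table forbids them or are missing where it requires them. The packet codes are the RFC 2865 values; the function names and the sample packet are assumptions constructed for this example, which counts attributes only and does not verify the Message-Authenticator value.

```python
import struct
from collections import Counter

# RADIUS packet codes (RFC 2865).
REQUEST, ACCEPT, REJECT, CHALLENGE = 1, 2, 3, 11
# Occurrence rules as (min, max); max None means unbounded.
NONE, OPT, ONE, MANY = (0, 0), (0, 1), (1, 1), (1, None)
# Table 9 columns in page order: Request, Accept, Challenge, Reject.
COLUMNS = (REQUEST, ACCEPT, CHALLENGE, REJECT)
TABLE9 = {
    24: ("State", (OPT, OPT, OPT, NONE)),
    30: ("Called-Station-ID", (ONE, NONE, NONE, NONE)),
    31: ("Calling-Station-ID", (ONE, NONE, NONE, NONE)),
    79: ("EAP-Message", (MANY, MANY, MANY, MANY)),
    80: ("Message-Authenticator", (ONE, ONE, ONE, ONE)),
    87: ("NAS-Port-ID", (ONE, NONE, NONE, NONE)),
}

def parse(packet):
    """Return (code, Counter of attribute types) for a raw RADIUS packet."""
    code, _ident, length = struct.unpack("!BBH", packet[:4].ljust(4, b"\0"))
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field or truncated packet")
    counts, pos = Counter(), 20          # attributes follow the 20-byte header
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        counts[packet[pos]] += 1
        pos += alen
    return code, counts

def check_table9(packet):
    """List every Table 9 occurrence rule the packet breaks."""
    code, counts = parse(packet)
    col = COLUMNS.index(code)            # ValueError for non-Access-* codes
    problems = []
    for atype, (name, rules) in TABLE9.items():
        (low, high), n = rules[col], counts[atype]
        if n < low or (high is not None and n > high):
            problems.append(f"{name}: {n} present, Table 9 allows {low}..{'n' if high is None else high}")
    return problems

def build(code, attrs):  # constructed-sample helper; authenticator is all zeros
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: an Access-Challenge that wrongly carries NAS-Port-ID.
SAMPLE = build(CHALLENGE, [(79, b"\x01\x01\x00\x05\x01"), (80, bytes(16)), (87, b"Server1_Port3")])
```

Calling `check_table9(SAMPLE)` reports the NAS-Port-ID attribute, which Table 9 allows only in an Access-Request.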
