802.1X Configuration Example - HP 830 Series Configuration Manual

Poe+ unified wired-wlan switch switching engine web-based
Hide thumbs Also See for HP 830 Series:
Table of Contents

Advertisement

Feature
Port intrusion protection on a port that performs
MAC-based access control

802.1X configuration example

Network requirements
As shown in
GigabitEthernet 1/0/1. Implement MAC-based access control on the port, so when one user logs off, it
does not affect other online 802.1X users. Enable periodic re-authentication of online users on the port,
so that the server can periodically update the users' authorization information.
Use RADIUS servers to perform authentication, authorization, and accounting for the 802.1X users.
If RADIUS accounting fails, the access device logs off the user. The RADIUS servers run on IMC.
Configure the host at 10.1.1.1 as the primary authentication and secondary accounting servers, and
the host at 10.1.1.2 as the secondary authentication and primary accounting servers. Assign all
users to the ISP domain test.
Configure the shared key as name for packets between the access device and the authentication
server, and the shared key as money for packets between the access device and the accounting
server.
Exclude the ISP domain name from the username sent to the RADIUS servers.
Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet to the
RADIUS server until it receives a response from the server, and to send real time accounting packets
to the accounting server every 15 minutes.
Figure 306 Network diagram
The following configuration procedure applies to RADIUS client configuration on the switch.
Configurations on the RADIUS servers are not shown. For more information about RADIUS configuration,
see
"Configuring
Configuration prerequisites
Configure the IP addresses of the interfaces. (Details not shown.)
Configuring 802.1X
1.
From the navigation tree, select Authentication > 802.1X.
2.
Select the Enable 802.1X box, select the authentication method as CHAP, and click Apply.
Figure
306, the access device performs 802.1X authentication for users who connect to port
RADIUS."
Relationship description
The 802.1X Auth-Fail VLAN function has higher priority
than the block MAC action but lower priority than the shut
down port action of the port intrusion protection feature.
317

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents