This chapter describes how to configure 802.1X on an HP device. You can also configure the port security
feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication. It
applies to a network, a WLAN, for example, that requires different authentication methods for different
users on a port. It is described in "Configuring port security."
HP implementation of 802.1X
HP implements port-based access control as defined in the 802.1X protocol, and extends the protocol to
support MAC-based access control.
Port-based access control—Once an 802.1X user passes authentication on a port, any subsequent
user can access the network through the port without authentication. When the authenticated user
logs off, all other users are logged off.
MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
no other online users are affected.
Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
If RADIUS authentication is used, create user accounts on the RADIUS server.
If local authentication is used, create local user accounts on the access device and set the service
type to lan-access.
802.1X configuration task list
Tasks at a glance
Enabling EAP relay or EAP termination
Setting the port authorization state
Specifying an access control method
Setting the maximum number of concurrent 802.1X users on a port
Setting the maximum number of authentication request attempts
Setting the 802.1X authentication timeout timers
Configuring the online user handshake function
Configuring the authentication trigger function
Specifying a mandatory authentication domain on a port
Configuring the quiet timer