802.1X; Mac-Based; Radius - HP ProCurve MSM317 Installation And Getting Started Manual

Configuration
Configuring the switch ports
If both authentication options are enabled at the same time, then:
802.1X takes priority for client stations that are 802.1X enabled. If 802.1X authentication

fails, MAC authentication is not checked and the client station fails to authenticate.
 MAC authentication takes priority for client stations that are not 802.1X enabled. If MAC
authentication fails, then the client station fails to authenticate.
Note
Only one authenticated MAC address is supported per port. This means if multiple devices
are connect to a port via a hub, only one device (or user) can gain access at a time.

802.1X

This option enables support for client stations with 802.1X client software that uses EAP-TLS,
EAP-TTLS, EAP-SIM, PEAP, or any other transparent EAP method. Encryption is not
supported.
802.1X logins are authenticated via an external RADIUS server defined by the RADIUS profile
selected for RADIUS.

MAC-based

This option lets you control access based on a client station's MAC address. Addresses are
authenticated via an external RADIUS server defined by the RADIUS profile selected for

RADIUS.

To successfully authenticate a client station, an account must be created on the RADIUS
server with both username and password set to the MAC address of the client station. The
MAC address must be defined as 12 hexadecimal numbers, with the values "a" to "f" in
lowercase. For example, 0003520a0f01.
RADIUS
Select the RADIUS profile that will be used for 802.1X and MAC-based authentication.
RADIUS profiles are defined on the RADIUS profiles page. To open this page select
Controller >> Authentication > RADIUS profiles.
3-30