Access Security Guide K/KA/KB.15.15

<password>
Operator password (text string) used only for local authentication of 802.1X
clients. This value is different from the local operator password configured with
the password command for management access.
Example 22
How to configure a local operator password for 802.1X access:
HP Switch(config)# password port-access user-name Jim secret3
You can save the port-access password for 802.1X authentication in the configuration file by
using the include-credentials command. For more information, see “Saving username and
password security” (page 46).
3. Determine the switch ports that you want to configure as authenticators and/or supplicants,
and disable LACP on these ports. (For more information on disabling LACP, see “NOTE”
(page 99).)
To display the current configuration of 802.1X, Web-based, and MAC authentication on all
switch ports, enter the show port-access config command.
Figure 332 show port-access config Command Output
4. Determine whether to use user-based access control (see “802.1X User-based access control”
(page 338)) or port-based access control (see “802.1X Port-based access control” (page 338)).
5. Determine whether to use the optional 802.1X Open VLAN mode for clients that are not
802.1X-aware; that is, for clients that are not running 802.1X supplicant software. (This will
require you to provide downloadable software that the client can use to enable an
authentication session.) See “802.1X Open VLAN mode” (page 342).
6. For any port you want to operate as a supplicant, determine the user credentials. You can
either use the same credentials for each port or use unique credentials for individual ports or
subgroups of ports. (This can also be the same local username/password pair that you assign
to the switch.)
7. Unless you are using only the switch’s local username and password for 802.1X authentication,
configure at least one RADIUS server to authenticate access requests coming through the ports
on the switch from external supplicants (including switch ports operating as 802.1X supplicants).
You can use up to three RADIUS servers for authentication: one primary and two backups.
See the documentation provided with your RADIUS application.
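Added example (not from the HP guide): a small offline check of a saved configuration against steps 3 and 7 above, flagging LACP left enabled on 802.1X ports and a RADIUS server count outside what the guide allows. The sample configuration is constructed, and the line forms it parses are assumptions about how the switch renders its configuration; numeric port names only.

```python
import re

# Constructed running-config excerpt. The line forms (authenticator, supplicant,
# radius-server host, per-interface lacp) are assumptions; adjust to your output.
SAMPLE_CONFIG = """\
radius-server host 10.0.0.11
radius-server host 10.0.0.12
radius-server host 10.0.0.13
radius-server host 10.0.0.14
aaa port-access authenticator 1-3
aaa port-access supplicant 5
interface 2
   lacp passive
   exit
interface 7
   lacp active
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1-3,5' into {'1', '2', '3', '5'}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(str(n) for n in range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config, local_only=False):
    """Return findings for steps 3 (LACP) and 7 (RADIUS servers) of the checklist."""
    dot1x_ports, lacp_ports, radius, current = set(), set(), [], None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"aaa port-access (?:authenticator|supplicant) (\d[\d,-]*)(?: |$)", s):
            dot1x_ports |= expand_ports(m.group(1))
        elif m := re.match(r"radius-server host (\S+)", s):
            radius.append(m.group(1))
        elif m := re.fullmatch(r"interface (\d+)", s):
            current = m.group(1)          # entering a per-port block
        elif s == "exit":
            current = None
        elif current and re.fullmatch(r"lacp (?:active|passive)", s):
            lacp_ports.add(current)
    findings = [f"port {p}: LACP enabled on an 802.1X port"
                for p in sorted(dot1x_ports & lacp_ports, key=int)]
    if len(radius) > 3:
        findings.append(f"{len(radius)} RADIUS servers configured; limit is three")
    if not radius and not local_only:
        findings.append("no RADIUS server configured and local authentication not selected")
    return findings
```

Port 7 in the sample has LACP enabled but is not an 802.1X port, so it is not reported.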
Configuring Port-Based Access 457