KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

451

452

453

454

455

456

457

458

459

460

Configuring Switch Ports as 802.1X Authenticators

This section outlines the steps for configuring 802.1X on the switch. For detailed information on

each step, see the following:

• “802.1X User-based access control” (page 338)

• “802.1X Port-based access control” (page 338)

• “Configuring Switch Ports To Operate As Supplicants for 802.1X Connections to Other

Switches” (page 478)

1. Enable 802.1X user-based or port-based authentication on the individual ports you want to

serve as authenticators. On the ports you will use as authenticators, either accept the default

802.1X settings or change them, as necessary. Note that, by default, the port-control parameter

is set to auto for all ports on the switch. This requires a client to support 802.1X authentication

and to provide valid credentials to get network access. See “Enable 802.1X Authentication

on Selected Ports” (page 458).

2. If you want to provide a path for clients without 802.1X supplicant software to download the

software so that they can initiate an authentication session, enable the 802.1X Open VLAN

mode on the ports you want to support this feature. See “802.1X Open VLAN mode” (page 342).

3. Configure the 802.1X authentication type. Options include:

• Local Operator username and password (using the password port-access command).

• EAP RADIUS: This option requires your RADIUS server application to support EAP

authentication for 802.1X

• CHAP (MD5) RADIUS: This option requires your RADIUS server application to support

CHAP (MD5) authentication. See “Configure the 802.1X Authentication Method”

(page 461).

4. If you select either eap-radius or chap-radius for step 3, use the radius host command to

configure up to three RADIUS server IP address(es) on the switch. See “Enter the RADIUS Host

IP Address(es)” (page 462).

5. Enable 802.1X authentication on the switch. See “Enable 802.1X Authentication on Selected

Ports” (page 458).

6. Test both the authorized and unauthorized access to your system to ensure that the 802.1X

authentication works properly on the ports you have configured for port-access.

NOTE: If you want to implement the optional port security feature (step 7) on the switch, you

should first ensure that the ports you have configured as 802.1X authenticators operate as

expected.

7. If you are using Port Security on the switch, configure the switch to allow only 802.1X access

on ports configured for 802.1X operation, and (if desired) the action to take if an unauthorized

device attempts access through an 802.1X port. See “Port-Security” (page 477).

8. If you want a port on the switch to operate as a supplicant on a port operating as an 802.1X

authenticator on another device, then configure the supplicant operation. (See “Configuring

Switch Ports To Operate As Supplicants for 802.1X Connections to Other Switches” (page 478).

Enable 802.1X Authentication on Selected Ports

This task configures the individual ports you want to operate as 802.1X authenticators for

point-to-point links to 802.1X-aware clients or switches, and consists of two steps:

1. Enable the selected ports as authenticators.

2. Specify either user-based or port-based 802.1X authentication.

(Actual 802.1X operation does not commence until you perform step 5 on page 13-26 to activate

802.1X authentication on the switch.)

458 Port-Based and User-Based Access Control (802.1X)