KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

451

452

453

454

455

456

457

458

459

460

NOTE: If you enable 802.1X authentication on a port, the switch automatically disables LACP

on that port. However, if the port is already operating in an LACP trunk, you must remove the port

from the trunk before you can configure it for 802.1X authentication.

• Enable the Selected Ports as Authenticators and Enable the (Default) Port-Based Authentication

Syntax

[no]aaa port-access authenticator < port-list >

Enables specified ports to operate as 802.1X authenticators and enables port-based

authentication. (To enable userbased authentication, execute this command first,

and then execute the client-limit < port-list > version of this command described in

the next section.) The no form of the command removes 802.1X authentication from

< port-list >. To activate configured 802.1X operation, you must enable 802.1X

authentication. See “Enable 802.1X Authentication on the Switch” (page 463).

Specify User-Based Authentication or Return to Port-Based Authentication

User-Based 802.1X Authentication

Syntax

aaa port-access authenticator < port-list> client-limit < 1

- 32 >

Used after executing aaa port-access authenticator < port-list > (above) to convert

authentication from port-based to userbased. Specifies user-based 802.1X

authentication and the maximum number of 802.1X-authenticated client sessions

allowed on each of the ports in < port-list >. If a port currently has no authenticated

client sessions, the next authenticated client session the port accepts determines the

untagged VLAN membership to which the port is assigned during the session. If

another client session begins later on the same port while an earlier session is

active, the later session will be on the same untagged VLAN membership as the

earlier session.

NOTE: The client limit is 256 clients per-port for MAC-auth and Web-auth; the

client limit for 802.1X is 32 clients per port. The MAC-auth and Web-auth limit of

256 clients only applies when there are fewer than 16,384 authentication clients

on the entire switch. After the limit of 16, 384 clients is reached, no additional

authentication clients are allowed on any port for any method.

Port-Based 802.1X Authentication.

Syntax

[no]aaa port-access authenticator <port-list> client-limit

Used to convert a port from user-based authentication to port-based authentication,

which is the default setting for ports on which authentication is enabled. (Executing

aaa port-access authenticator < port-list > enables 802.1X authentication on <

port-list > and enables port-based authentication— page 13-18.) If a port currently

has no authenticated client sessions, the next authenticated client session the port

accepts determines the untagged VLAN membership to which the port is assigned

during the session. If another authenticated client session begins later on the same

port while an earlier session is active, the later session replaces the currently active

session and will be on the untagged VLAN membership specified by the RADIUS

server for the later session.

Configuring Port-Based Access 459