Access Security Guide K/KA/KB.15.15

The no form of the command removes the global encryption key.
4. Activate authentication on the switch.
Syntax
aaa port-access authenticator active
Activates 802.1X port-access on ports you have configured as authenticators.
5. Test both the authorized and unauthorized access to your system to ensure that the 802.1X
authentication works properly on the ports you have configured for port-access.
NOTE: If you want to implement the optional port-security feature on the switch, you should first
ensure that the ports you have configured as 802.1X authenticators operate as expected. Then
see “Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated
Devices” (page 468).
After you complete steps 1 and 2, the configured ports are enabled for 802.1X authentication
(without VLAN operation), and you are ready to configure VLAN Operation.
Configuring 802.1X Open VLAN Mode
Use these commands to actually configure Open VLAN mode. For a listing of the steps needed to
prepare the switch for using Open VLAN mode, see “Setting Up and Configuring 802.1X Open
VLAN Mode” (page 464).
Syntax
aaa port-access authenticator < port-list >
[auth-vid < vlan-id >]
Configures an existing, static VLAN to be the Authorized-Client VLAN.
[unauth-vid < vlan-id >]
Configures an existing, static VLAN to be the Unauthorized-Client VLAN.
For example, suppose you want to configure 802.1X port-access with Open VLAN mode on ports
A10 - A20 and:
• These two static VLANs already exist on the switch:
  Unauthorized, VID = 80
  Authorized, VID = 81
• Your RADIUS server has an IP address of 10.28.127.101. The server uses rad4all as a
  server-specific key string. The server is connected to a port on the Default VLAN.
• The switch's default VLAN is already configured with an IP address of 10.28.127.100 and
  a network mask of 255.255.255.0.
HP Switch(config)# aaa authentication port-access eap-radius
Configures the switch for 802.1X authentication using an EAP-RADIUS server.
HP Switch(config)# aaa port-access authenticator a10-a20
Configures ports A10 - A20 as 802.1X authenticator ports.
HP Switch(config)# radius host 10.28.127.101 key rad4all
Configures the switch to look for a RADIUS server with an IP address of 10.28.127.101 and an
encryption key of rad4all.
HP Switch(config)# aaa port-access authenticator e a10-a20 unauth-vid 80
Configures ports A10 - A20 to use VLAN 80 as the Unauthorized-Client VLAN.
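Before the access test in step 5, the typed commands can be checked against the intended design. The following is an added example, not part of the HP guide: a Python check over command lines in the form shown above. The function names, the SAMPLE text (which adds auth-vid and activation lines built from the syntax on this page), and the handling of port lists as same-module ranges are assumptions of this example.

```python
import re

# Constructed input: the page's four example commands plus auth-vid and activation lines.
SAMPLE = """\
aaa authentication port-access eap-radius
aaa port-access authenticator a10-a20
radius host 10.28.127.101 key rad4all
aaa port-access authenticator e a10-a20 unauth-vid 80
aaa port-access authenticator e a10-a20 auth-vid 81
aaa port-access authenticator active
"""

def expand_ports(port_list):
    """Expand 'a10-a12,b1' to {'A10','A11','A12','B1'} (ranges within one module)."""
    ports = set()
    for part in port_list.upper().split(","):
        m = re.fullmatch(r"([A-Z]*)(\d+)(?:-\1(\d+))?", part)
        if not m:
            raise ValueError(f"unsupported port range: {part}")
        lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
        ports.update(f"{m.group(1)}{n}" for n in range(lo, hi + 1))
    return ports

def audit(commands, port_list, expected, static_vlans):
    """Compare typed commands with the intended design; return a list of findings."""
    vids, active = {}, False                       # vids: port -> {keyword: VID}
    for tok in (line.split() for line in commands.splitlines()):
        if tok[:3] != ["aaa", "port-access", "authenticator"]:
            continue
        rest = tok[4:] if tok[3:4] == ["e"] else tok[3:]   # optional "e" before ports
        if rest == ["active"]:
            active = True
        elif rest:
            for port in expand_ports(rest[0]):
                vids.setdefault(port, {}).update(
                    (k, int(v)) for k, v in zip(rest[1::2], rest[2::2])
                    if k in ("auth-vid", "unauth-vid"))
    # Open VLAN mode requires each VLAN to exist already as a static VLAN.
    findings = [f"{k} {v} is not an existing static VLAN"
                for k, v in expected.items() if v not in static_vlans]
    if not active:
        findings.append("802.1X not activated on authenticator ports")
    for port in sorted(expand_ports(port_list)):
        if port not in vids:
            findings.append(f"{port}: not configured as an authenticator")
            continue
        for k, v in expected.items():
            if vids[port].get(k) != v:
                findings.append(f"{port}: {k} is {vids[port].get(k)}, expected {v}")
    return findings
```

Calling audit(SAMPLE, "a10-a20", {"unauth-vid": 80, "auth-vid": 81}, {1, 80, 81}) returns an empty list; each missing or mismatched setting adds one finding per affected port.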