Access Security Guide K/KA/KB.15.15

Supplicant Port Configuration
Enabling a Switch Port as a Supplicant.
You can configure a switch port as a supplicant for a point-to-point link to an 802.1X-aware port
on another switch. Configure the port as a supplicant before configuring any supplicant-related
parameters.
Syntax
[no] aaa port-access supplicant [ethernet] < port-list >
Configures a port as a supplicant with either the default supplicant settings or any
previously configured supplicant settings, whichever is most recent. The “no” form
of the command disables supplicant operation on the specified ports.
Configuring a Supplicant Switch Port
You must enable supplicant operation on a port before changing the supplicant configuration. This
means you must execute the supplicant command once without any other parameters, then execute
it again with a supplicant parameter you want to configure. If the intended authenticator port uses
RADIUS authentication, then use the identity and secret options to configure the RADIUS-expected
credentials on the supplicant port. If the intended authenticator port uses Local 802.1X
authentication, then use the identity and secret options to configure the authenticator switch’s local
username and password on the supplicant port.
Syntax
aaa port-access supplicant [ethernet] < port-list >
To enable supplicant operation on the designated ports, execute this command
without any other parameters. After doing this, you can use the command again
with the following parameters to configure supplicant operation. (Use one instance
of the command for each parameter you want to configure.) The no form disables
supplicant operation on the designated port(s).
[identity < username >]
Sets the username and password to pass to the authenticator port when a
challenge-request packet is received from the authenticator port due to an
authentication request. If the intended authenticator port is configured for RADIUS
authentication, then < username > and < password > must be the username and
password expected by the RADIUS server. If the intended authenticator port is
configured for Local authentication, then < username > and < password > must be
the username and password configured on the Authenticator switch. (Default: Null.)
aaa port-access supplicant [ethernet] < port-list >
[secret]
Enter secret: < password >
Repeat secret: < password >
Sets the secret password to be used by the port supplicant when an MD5 authentication request
is received from an authenticator. The switch prompts you to enter the secret password after the
command is invoked.
NOTE: For the 3800, 5400zl, and 8200zl switches, when the switch is in enhanced secure
mode, commands that take a password as a parameter have the echo of the password typing
replaced with asterisks. The input for the password is prompted for interactively. For more
information, see “Secure Mode (3800, 5400zl, and 8200zl Switches)” (page 498).
[encrypted-secret]
Specifies the secret as a base64-encoded, AES-256-encrypted string.
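How the identity and secret are used when an MD5 authentication request arrives, shown as an added example that is not part of this guide or the switch software. It assumes the request is the standard EAP MD5-Challenge method (RFC 3748); the function names are hypothetical, and the identity is carried in the optional Name field to keep the sketch short.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5_CHALLENGE = 4

def build_md5_request(identifier: int, challenge: bytes) -> bytes:
    """Authenticator side: EAP-Request/MD5-Challenge carrying a random challenge."""
    body = bytes([EAP_TYPE_MD5_CHALLENGE, len(challenge)]) + challenge
    return struct.pack("!BBH", EAP_REQUEST, identifier, 4 + len(body)) + body

def parse_md5_packet(packet: bytes):
    """Return (code, identifier, value, name); raise ValueError if malformed."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 6 or length > len(packet):
        raise ValueError("bad EAP length field")
    if packet[4] != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("not an MD5-Challenge packet")
    size = packet[5]
    if 6 + size > length:
        raise ValueError("value size exceeds packet length")
    return code, identifier, packet[6:6 + size], packet[6 + size:length]

def supplicant_response(request: bytes, identity: str, secret: str) -> bytes:
    """Supplicant side: prove knowledge of the secret without transmitting it."""
    code, identifier, challenge, _ = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    # Response value = MD5(identifier || secret || challenge)
    digest = hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()
    body = bytes([EAP_TYPE_MD5_CHALLENGE, len(digest)]) + digest + identity.encode()
    return struct.pack("!BBH", EAP_RESPONSE, identifier, 4 + len(body)) + body

def authenticator_verify(request: bytes, response: bytes, credentials: dict) -> bool:
    """Authenticator or RADIUS side: recompute the digest for the named identity."""
    _, req_id, challenge, _ = parse_md5_packet(request)
    code, resp_id, digest, name = parse_md5_packet(response)
    secret = credentials.get(name.decode(errors="replace"))
    if code != EAP_RESPONSE or resp_id != req_id or secret is None:
        return False
    expected = hashlib.md5(bytes([req_id]) + secret.encode() + challenge).digest()
    return hmac.compare_digest(digest, expected)
```

The check succeeds only when the supplicant port's identity and secret match what the RADIUS server or the authenticator switch's local account holds, which is why both sides must be configured with the same credentials.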