HP 1:10Gb Ethernet BL-c Switch for c-Class BladeSystem Application Guide

Port-based Network Access and traffic control
Table 9 EAP support for RADIUS attributes

| # | Attribute | Attribute Value | A-R (Access-Request) | A-A (Access-Accept) | A-C (Access-Challenge) | A-R (Access-Reject) |
|---|---|---|---|---|---|---|
| 24 | State | Server-specific value. This is sent unmodified back to the server in an Access-Request that is in response to an Access-Challenge. | 0-1 | 0-1 | 0-1 | 0 |
| 30 | Called-Station-ID | The MAC address of the authenticator encoded as an ASCII string in canonical format, e.g. 000D5622E39F. | 1 | 0 | 0 | 0 |
| 31 | Calling-Station-ID | The MAC address of the supplicant encoded as an ASCII string in canonical format, e.g. 00034B436206. | 1 | 0 | 0 | 0 |
| 79 | EAP-Message | Encapsulated EAP packets from the supplicant to the authentication server (RADIUS) and vice versa. The authenticator relays the decoded packet to both devices. | 1+ | 1+ | 1+ | 1+ |
| 80 | Message-Authenticator | Always present whenever an EAP-Message attribute is also included. Used to integrity-protect a packet. | 1 | 1 | 1 | 1 |
| 87 | NAS-Port-ID | Name assigned to the authenticator port, e.g. Server1_Port3 | 1 | 0 | 0 | 0 |

Legend:
RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept), A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
0—This attribute MUST NOT be present in a packet.
0+—Zero or more instances of this attribute MAY be present in a packet.
0-1—Zero or one instance of this attribute MAY be present in a packet.
1—Exactly one instance of this attribute MUST be present in a packet.
1+—One or more of these attributes MUST be present.
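
The following is an added example, not part of the HP guide or the switch software: a Python check that counts the Table 9 attributes in a RADIUS packet against the table's rules and verifies the Message-Authenticator of an Access-Request. It assumes the HMAC-MD5 computation defined in RFC 3579; the function names, the shared secret and the sample packet are constructed for illustration.

```python
import hashlib, hmac, struct
CODES = (1, 2, 11, 3)  # Access-Request, Access-Accept, Access-Challenge, Access-Reject
REQ_ONLY = ((1, 1), (0, 0), (0, 0), (0, 0))
TABLE9 = {  # (min, max) instance counts per packet type, in CODES order
    24: ((0, 1), (0, 1), (0, 1), (0, 0)),  # State
    30: REQ_ONLY,                          # Called-Station-ID
    31: REQ_ONLY,                          # Calling-Station-ID
    79: ((1, float("inf")),) * 4,          # EAP-Message
    80: ((1, 1),) * 4,                     # Message-Authenticator
    87: REQ_ONLY,                          # NAS-Port-ID
}

def parse(packet):
    """Return (code, length, [(type, value_offset, value), ...])."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], pos + 2, packet[pos + 2:pos + alen]))
        pos += alen
    return code, length, attrs

def table9_violations(packet):
    """Attribute types whose count breaks Table 9; ValueError if the packet type is not in it."""
    code, _, attrs = parse(packet)
    col, seen = CODES.index(code), [t for t, _, _ in attrs]
    return [t for t, lim in TABLE9.items() if not lim[col][0] <= seen.count(t) <= lim[col][1]]

def request_mac_ok(packet, secret):
    """Access-Request check (RFC 3579): HMAC-MD5 of the packet with attribute 80 zeroed."""
    _, length, attrs = parse(packet)
    macs = [(off, val) for t, off, val in attrs if t == 80]
    if len(macs) != 1 or len(macs[0][1]) != 16:
        return False
    off, val = macs[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), val)

def build_request(secret, attrs):
    """Constructed sample Access-Request; attribute 80 is appended last and signed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs + [(80, bytes(16))])
    pkt = struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(range(16)) + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

SAMPLE = build_request(b"testing123", [(30, b"000D5622E39F"), (31, b"00034B436206"),
                       (79, b"\x02\x01\x00\x05\x01"), (87, b"Server1_Port3")])  # constructed sample
```

For Access-Accept, Access-Challenge and Access-Reject packets, RFC 3579 computes the Message-Authenticator over the authenticator of the matching request, so request_mac_ok applies to Access-Request packets only.
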
EAPoL configuration guidelines
When configuring EAPoL, consider the following guidelines:
- The 802.1x port-based authentication is currently supported only in point-to-point configurations, that is, with a single supplicant connected to an 802.1x-enabled switch port.
- When 802.1x is enabled, a port has to be in the authorized state before any other Layer 2 feature can be operationally enabled. For example, the STG state of a port is operationally disabled while the port is in the unauthorized state.
- The switch does not support the 802.1x supplicant capability. Therefore, none of its ports can connect successfully to an 802.1x-enabled port of another device, such as another switch, which acts as an authenticator, unless access control on the remote port is disabled or is configured in forced-authorized mode. For example, if an HP 1:10GbE switch is connected to another HP 1:10GbE switch, and if 802.1x is enabled on both switches, the two connected ports must be configured in force-authorized mode.