ProCurve Series 2300 and 2500 Switches Release Notes

Enhancements in Release F.05.xx
Configuring Port-Based Access Control (802.1x)
Configuring 802.1x Open VLAN Mode. Use these commands to actually configure Open VLAN
mode. For a listing of the steps needed to prepare the switch for using Open VLAN mode, refer to
“Preparation” on page -40.
For example, suppose you want to configure 802.1x port-access with Open VLAN mode on ports 10 - 20 and:
  - These two static VLANs already exist on the switch:
      - UnAuthorized, VID = 80
      - Authorized, VID = 81
  - Your RADIUS server has an IP address of 10.28.127.101. The server uses rad4all as a server-specific key string. The server is connected to a port on the Default VLAN.
  - The switch's default VLAN is already configured with an IP address of 10.28.127.100 and a network mask of 255.255.255.0.
Syntax: aaa port-access authenticator [e] < port-list >
    [auth-vid < vlan-id >]
        Configures an existing, static VLAN to be the Authorized-Client VLAN.
    [unauth-vid < vlan-id >]
        Configures an existing, static VLAN to be the Unauthorized-Client VLAN.
HPswitch(config)# aaa authentication port-access eap-radius
Configures the switch for 802.1x authentication using an EAP-RADIUS server.
HPswitch(config)# aaa port-access authenticator 10-20
Configures ports 10 - 20 as 802.1x authenticator ports.
HPswitch(config)# radius host 10.28.127.101 key rad4all
Configures the switch to look for a RADIUS server with an IP address of 10.28.127.101
and an encryption key of rad4all.
HPswitch(config)# aaa port-access authenticator e 10-20 unauth-vid 80
Configures ports 10 - 20 to use VLAN 80 as the Unauthorized-Client VLAN.
HPswitch(config)# aaa port-access authenticator e 10-20 auth-vid 81
Configures ports 10 - 20 to use VLAN 81 as the Authorized-Client VLAN.
HPswitch(config)# aaa port-access authenticator active
Activates 802.1x port-access on ports you have configured as authenticators.
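
The following check is an added example, not part of the HP release notes: it reads a command sequence in the form typed above and reports steps that were left out, such as authenticator ports that were never activated or ports with no Open VLAN assignment. It assumes numeric port lists and input in the command form shown on this page (not necessarily the format of the switch's saved configuration); treating a missing auth-vid or unauth-vid as a finding is this example's own policy, modeled on the example setup above.

```python
import re

# Constructed sample: the command sequence from this page, as typed at the CLI.
SAMPLE = """\
aaa authentication port-access eap-radius
aaa port-access authenticator 10-20
radius host 10.28.127.101 key rad4all
aaa port-access authenticator e 10-20 unauth-vid 80
aaa port-access authenticator e 10-20 auth-vid 81
aaa port-access authenticator active
"""
PORT_CMD = re.compile(r"aaa port-access authenticator (?:e )?([\d,-]+)"
                      r"(?: (unauth-vid|auth-vid) (\d+))?")

def expand(port_list):
    """Expand a numeric port list such as '1,10-20' into a set of ints."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return a list of findings; an empty list means no step is missing."""
    auth_ports, vids = set(), {"unauth-vid": {}, "auth-vid": {}}
    eap = radius = active = False
    for line in config.splitlines():
        line = re.sub(r"^\S*\(config\)#\s*", "", line.strip())  # drop CLI prompt
        if line == "aaa authentication port-access eap-radius":
            eap = True
        elif line.startswith("radius host "):
            radius = True
        elif line == "aaa port-access authenticator active":
            active = True
        elif m := PORT_CMD.fullmatch(line):
            ports = expand(m.group(1))
            if m.group(2):   # per-port Open VLAN assignment
                vids[m.group(2)].update(dict.fromkeys(ports, int(m.group(3))))
            else:            # ports enabled as authenticators
                auth_ports |= ports
    findings = []
    if eap and not radius:
        findings.append("eap-radius selected but no radius host configured")
    if auth_ports and not active:
        findings.append("authenticator ports defined but 802.1x not activated")
    for p in sorted(auth_ports):
        missing = [k for k in ("unauth-vid", "auth-vid") if p not in vids[k]]
        if missing:
            findings.append(f"port {p}: no {' / '.join(missing)} set")
    return findings
```

Calling audit(SAMPLE) on the sequence from this page returns an empty list.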