HP (Hewlett-Packard) 2300 Switch User Manual


 
51
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
Note that as an alternative, you can configure the switch to use local password authentication
instead of RADIUS authentication. However, this is less desirable because it means that all clients
use the same passwords and have the same access privileges. Also, you must use 802.1X
supplicant software that supports the use of local switch passwords.
Caution
Ensure that you do not introduce a security risk by allowing Unauthorized-Client VLAN access to
network services or resources that could be compromised by an unauthorized client.
Configuring General 802.1X Operation: These steps enable 802.1X authentication, and must be
done before configuring 802.1X VLAN operation.
1. Enable 802.1X authentication on the individual ports you want to serve as authenticators. (The
switch automatically disables LACP on the ports on which you enable 802.1X.) On the ports you
will use as authenticators with VLAN Operation, ensure that the (default) port-control param-
eter is set to auto. This setting requires a client to support 802.1X authentication (with 802.1X
supplicant operation) and to provide valid credentials to get network access.
2. Configure the 802.1X authentication type. Options include:
Syntax: aaa port-access authenticator e < port-list > control auto
Activates 802.1X port-access on ports you have configured as
authenticators.
Syntax: aaa authentication port-access < local | eap-radius | chap-radius >
Determines the type of RADIUS authentication to use.
local: Use the switch’s local username and password for
supplicant authentication (the default).
eap-radiusUse EAP-RADIUS authentication. (Refer to the
documentation for your RADIUS server.
chap-radiusUse CHAP-RADIUS (MD5) authentication.
(Refer to the documentation for your RADIUS server
software.)