HP (Hewlett-Packard) 2500 Switch User Manual


 
29
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
Troubleshooting Port-Isolation Operation
Configuring Port-Based Access Control (802.1X)
Overview
Why Use Port-Based Access Control?
Local Area Networks are often deployed in a way that allows unauthorized clients to attach to
network devices, or allows unauthorized users to get access to unattended clients on a network. Also,
the use of DHCP services and zero configuration make access to networking services easily available.
This exposes the network to unauthorized use and malicious attacks. While access to the network
should be made easy, uncontrolled and unauthorized access is usually not desirable. 802.1X provides
access control along with the ability to control user profiles from a central RADIUS server while
allowing users access from multiple points within the network.
Symptom Possible Cause
Connectivity
problems.
A port may be configured as a tagged member of a VLAN, or multiple VLANs may be configured
on the switch. Ensure that all ports are untagged members of VLAN 1 (the default VLAN) and that
no other VLANs are configured on the switch.
Illegal port trunking. Port Isolation does not allow trunks on Private ports, or more than one Port-
Isolation type in a trunk. Also, Port Isolation allows an LACP trunk only on Uplink ports.
A port on a device connected to the switch may be configured as a tagged member of a VLAN.
GVRP may be enabled on the switch.
See “Operating Rules for Port Isolation” on page 23 and “Steps for Configuring Port Isolation” on
page 24.
Feature Default Menu CLI Web
Configuring Switch Ports as 802.1X Authenticators Disabled n/a page 38 n/a
Configuring 802.1X Open VLAN Mode Disabled n/a page 44 n/a
Configuring Switch Ports to Operate as 802.1X Supplicants Disabled n/a page 57 n/a
Displaying 802.1X Configuration, Statistics, and Counters n/a n/a page 61 n/a
How 802.1X Affects VLAN Operation n/a n/a page 67 n/a
RADIUS Authentication and Accounting Refer to “Configuring RADIUS Authentication and
Accounting” on page -102