HP (Hewlett-Packard) 2500 Switch User Manual


 
32
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
iv. If the client is successfully authenticated and authorized to connect to the network,
then the server notifies the switch to allow access to the client. Otherwise, access is
denied and the port remains blocked.
If 802.1X (port-access) on the switch is configured for local authentication, then:
i. The switch compares the client’s credentials with the username and password config-
ured in the switch (Operator or Manager level).
ii. If the client is successfully authenticated and authorized to connect to the network,
then the switch allows access to the client. Otherwise, access is denied and the port
remains blocked.
Switch-Port Supplicant Operation
This operation provides security on links between 802.1X-aware switches. For example, suppose that
you want to connect two switches, where:
Switch “A” has port 1 configured for 802.1X supplicant operation.
You want to connect port 1 on switch “A” to port 5 on switch “B”.
Figure 11. Example of Supplicant Operation
1. When port 1 on switch “A” is first connected to a port on switch “B”, or if the ports are already
connected and either switch reboots, port 1 begins sending start packets to port 5 on switch “B”.
If, after the supplicant port sends the configured number of start packets, it does not
receive a response, it assumes that switch “B” is not 802.1X-aware, and transitions to
the authenticated state. If switch “B” is operating properly and is not 802.1X-aware, then
the link should begin functioning normally, but without 802.1X security.
If, after sending one or more start packets, port 1 receives a request packet from port 5,
then switch “B” is operating as an 802.1X authenticator. The supplicant port then sends
a response/ID packet. Switch “B” forwards this request to a RADIUS server.
RADIUS Server
Switch “A”
Port 1 Configured as an
802.1X Supplicant
Port 1
Switch “B”
Port 5
LAN Core