HP (Hewlett-Packard) 2500 Switch User Manual


 
39
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
1. Enable 802.1X Authentication on Selected Ports
This task configures the individual ports you want to operate as 802.1X authenticators for point-to-
point links to 802.1X-aware clients or switches. (Actual 802.1X operation does not commence until
you perform step 5 on page 37 to activate 802.1X authentication on the switch.)
Note
When you enable 802.1X authentication on a port, the switch automatically disables LACP on that port.
However, if the port is already operating in an LACP trunk, you must remove the port from the trunk before
you can configure it for 802.1X authentication.
Syntax: aaa port-access authenticator < port-list >
Enables specified ports to operate as 802.1X authenticators
with current per- port authenticator configuration. To acti-
vate configured 802.1X operation, you must enable 802.1X
authentication. Refer to “5. Enable 802.1X Authentication
on the switch” on page 37.
[control < authorized | auto | unauthorized >]
Controls authentication mode on the specified port:
authorized: Also termed Force Authorized. Grants access to
any device connected to the port. In this case, the device does
not have to provide 802.1X credentials or support 802.1X
authentication. (However, you can still configure console,
Telnet, or SSH security on the port.)
auto (the default): The device connected to the port must
support 802.1X authentication and provide valid creden-
tials in order to get network access. (You have the option of
using the Open VLAN mode to provide a path for clients
without 802.1X supplicant software to download this soft-
ware and begin the authentication process. Refer to “802.1X
Open VLAN Mode” on page -44.)
unauthorized: Also termed Force Unauthorized. Do not grant
access to the network, regardless of whether the device
provides the correct credentials and has 802.1X support. In
this state, the port blocks access to any connected device.