HP (Hewlett-Packard) 2500 Switch User Manual


 
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
Configuring 802.1X Open VLAN Mode. Use these commands to actually configure Open VLAN mode. For a listing of the steps needed to prepare the switch for using Open VLAN mode, refer to “Preparation” on page 50.

For example, suppose you want to configure 802.1X port-access with Open VLAN mode on ports 10 - 20 and:

- These two static VLANs already exist on the switch:
    UnAuthorized, VID = 80
    Authorized, VID = 81
- Your RADIUS server has an IP address of 10.28.127.101. The server uses rad4all as a server-specific key string. The server is connected to a port on the Default VLAN.
- The switch's default VLAN is already configured with an IP address of 10.28.127.100 and a network mask of 255.255.255.0.

Syntax: aaa port-access authenticator [e] < port-list >
    [auth-vid < vlan-id >]
        Configures an existing, static VLAN to be the Authorized-Client VLAN.
    [unauth-vid < vlan-id >]
        Configures an existing, static VLAN to be the Unauthorized-Client VLAN.

HPswitch(config)# aaa authentication port-access eap-radius
Configures the switch for 802.1X authentication using an EAP-RADIUS server.
HPswitch(config)# aaa port-access authenticator 10-20
Configures ports 10 - 20 as 802.1X authenticator ports.
HPswitch(config)# radius host 10.28.127.101 key rad4all
Configures the switch to look for a RADIUS server with an IP address of 10.28.127.101
and an encryption key of rad4all.
HPswitch(config)# aaa port-access authenticator e 10-20 unauth-vid 80
Configures ports 10 - 20 to use VLAN 80 as the Unauthorized-Client VLAN.
HPswitch(config)# aaa port-access authenticator e 10-20 auth-vid 81
Configures ports 10 - 20 to use VLAN 81 as the Authorized-Client VLAN.
HPswitch(config)# aaa port-access authenticator active
Activates 802.1X port-access on ports you have configured as authenticators.
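
The sequence above can be checked offline before it is relied on. The following is an added example, not part of the HP manual: a small Python audit that reads the commands as typed (prompt stripped) and reports a missing switch-wide command, authenticator ports with no Authorized-Client or Unauthorized-Client VLAN, and ports where both roles point at the same VLAN. The function names, the finding texts and the comma-separated numeric port-list form are assumptions of this example.

```python
import re

# Commands from the example above, prompt stripped.
PAGE_CONFIG = """\
aaa authentication port-access eap-radius
aaa port-access authenticator 10-20
radius host 10.28.127.101 key rad4all
aaa port-access authenticator e 10-20 unauth-vid 80
aaa port-access authenticator e 10-20 auth-vid 81
aaa port-access authenticator active
""".splitlines()

PORTS = r"\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*"   # assumed numeric port-list form
AUTH_RE = re.compile(rf"aaa port-access authenticator(?: e)? ({PORTS})"
                     r"(?: (auth-vid|unauth-vid) (\d+))?")
GLOBALS = {   # required switch-wide command -> finding text if it is absent
    r"aaa authentication port-access eap-radius": "EAP-RADIUS authentication not selected",
    r"radius host \S+ key \S+": "no RADIUS host/key configured",
    r"aaa port-access authenticator active": "802.1X port-access not activated",
}

def expand(port_list):
    """Expand '10-20' or '1,3-5' into a set of port numbers."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(lines):
    """Return findings for a list of config commands; an empty list means consistent."""
    lines = [" ".join(l.split()) for l in lines]          # normalise whitespace
    findings = [msg for pat, msg in GLOBALS.items()
                if not any(re.fullmatch(pat, l) for l in lines)]
    vids = {}                                # port -> {"auth-vid": n, "unauth-vid": n}
    for l in lines:
        m = AUTH_RE.fullmatch(l)
        if m:
            for p in expand(m[1]):
                vids.setdefault(p, {}).update({m[2]: int(m[3])} if m[2] else {})
    for p in sorted(vids):
        v = vids[p]
        findings += [f"port {p}: no {k} assigned" for k in ("unauth-vid", "auth-vid") if k not in v]
        if "auth-vid" in v and v["auth-vid"] == v.get("unauth-vid"):
            findings.append(f"port {p}: unauthenticated clients share VLAN {v['auth-vid']} with authorized clients")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG) or "no findings")
```
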