HP (Hewlett-Packard) 2650 (J4899A/B) Switch User Manual


 
8-13
Configuring Port-Based Access Control (802.1X)
General Setup Procedure for Port-Based Access Control (802.1X)
Overview: Configuring 802.1X Authentication on the
Switch
This section outlines the steps for configuring 802.1X on the switch. For
detailed information on each step, refer to “RADIUS Authentication and
Accounting” on page 5-1 or “Configuring Switch Ports To Operate As Suppli-
cants for 802.1X Connections to Other Switches” on page 8-34.
1. Enable 802.1X authentication on the individual ports you want to serve as
authenticators. On the ports you will use as authenticators, either accept
the default 802.1X settings or change them, as necessary. Note that, by
default, the port-control parameter is set to auto for all ports on the switch.
This requires a client to support 802.1X authentication and to provide valid
credentials to get network access. Refer to page 8-15.
2. If you want to provide a path for clients without 802.1X supplicant
software to download the software so that they can initiate an authenti-
cation session, enable the 802.1X Open VLAN mode on the ports you want
to support this feature. Refer to page 8-21.
3. Configure the 802.1X authentication type. Options include:
Local Operator username and password (the default). This option
allows a client to use the switch’s local username and password as
valid 802.1X credentials for network access.
EAP RADIUS: This option requires your RADIUS server application
to support EAP authentication for 802.1X.
CHAP (MD5) RADIUS: This option requires your RADIUS server
application to support CHAP (MD5) authentication.
See page 8-19.
4. If you select either eap-radius or chap-radius for step 3, use the radius host
command to configure up to three RADIUS server IP address(es) on the
switch. See page 8-20.
5. Enable 802.1X authentication on the switch. See page 8-15.
6. Test both the authorized and unauthorized access to your system to
ensure that the 802.1X authentication works properly on the ports you
have configured for port-access.
Note If you want to implement the optional port security feature (step 7) on the
switch, you should first ensure that the ports you have configured as 802.1X
authenticators operate as expected.