Filter
Top Products
8-37
Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
Note If you want to implement the optional port security feature on the switch, you
should first ensure that the ports you have configured as 802.1X authenticators
operate as expected. Then refer to “Option For Authenticator Ports: Configure
Port-Security To Allow Only 802.1X Devices” on page 8-40.
After you complete steps 1 and 2, the configured ports are enabled for 802.1X
authentication (without VLAN operation), and you are ready to configure
VLAN Operation.
Configuring 802.1X Open VLAN Mode. Use these commands to actually
configure Open VLAN mode. For a listing of the steps needed to prepare the
switch for using Open VLAN mode, refer to “Preparation” on page 8-34.
For example, suppose you want to configure 802.1X port-access with Open
VLAN mode on ports A10 - A20 and:
■ These two static VLANs already exist on the switch:
• Unauthorized, VID = 80
• Authorized, VID = 81
■ Your RADIUS server has an IP address of 10.28.127.101. The server
uses rad4all as a server-specific key string. The server is connected to
a port on the Default VLAN.
■ The switch's default VLAN is already configured with an IP address
of 10.28.127.100 and a network mask of 255.255.255.0
Syntax: aaa port-access authenticator [e] < port-list >
[auth-vid < vlan-id >]
Configures an existing, static VLAN to be the Authorized-
Client VLAN.
[< unauth-vid < vlan-id >]
Configures an existing, static VLAN to be the Unautho-
rized-Client VLAN.
ProCurve(config)# aaa authentication port-access eap-radius
Configures the switch for 802.1X authentication using an EAP-RADIUS server.
ProCurve(config)# aaa port-access authenticator a10-a20
Configures ports A10 - A20 as 802.1 authenticator ports.
ProCurve(config)# radius host 10.28.127.101 key rad4all