13-53
Configuring Port-Based and User-Based Access Control (802.1X)
Configuring Switch Ports To Operate As Supplicants for 802.1X Connections to Other Switches
Supplicant Port Configuration
Enabling a Switch Port as a Supplicant.
You can configure a switch port
as a supplicant for a point-to-point link to an 802.1X-aware port on another
switch.
Configure the port as a supplicant before configuring any suppli-
cant-related parameters.
Configuring a Supplicant Switch Port.
You must enable supplicant oper-
ation on a port before changing the supplicant configuration. This means you
must execute the supplicant command once without any other parameters,
then execute it again with a supplicant parameter you want to configure. If
the intended authenticator port uses RADIUS authentication, then use the
identity
and
secret
options to configure the RADIUS-expected credentials on
the supplicant port. If the intended authenticator port uses Local 802.1X
authentication, then use the
identity
and
secret
options to configure the
authenticator switch’s local username and password on the supplicant port.
Syntax:
[no] aaa port-access supplicant [ethernet] <
port-list
>
Configures a port as a supplicant with either the default supp-
licant settings or any previously configured supplicant set-
tings, whichever is most recent. The “
no
” form of the command
disables supplicant operation on the specified ports.
Syntax:
aaa port-access supplicant [ethernet] <
port-list
>
To enable supplicant operation on the designated ports,
execute this command without any other parameters.
After doing this, you can use the command again with the
following parameters to configure supplicant opertion.
(Use one instance of the command for each parameter you
want to configure The
no
form disables supplicant opera-
tion on the designated port(s).
[identity <
username
>]
Sets the username and password to pass to the authenti-
cator port when a challenge-request packet is received from
the authenticator port due to an authentication request. If
the intended authenticator port is configured for RADIUS
authentication, then
< username >
and
< password >
must
be the username and password expected by the RADIUS
server. If the intended authenticator port is configured for
Local authentication, then
< username >
and
< password >
must be the username and password configured on the
Authenticator switch. (Default: Null.)
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......