Configuring Port-Based and Client-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Example: Configuring Client-Based 802.1X Authentication
This example enables ports A10-A12 to operate as authenticators, and then
configures the ports for client-based authentication.
ProCurve(config)# aaa port-access authenticator a10-A12
ProCurve(config)# aaa port-access authenticator a10-A12 client-limit 4
Figure 10-2. Example of Configuring Client-Based 802.1X Authentication
Example: Configuring Port-Based 802.1X Authentication
This example enables ports A13-A15 to operate as authenticators, and then
configures the ports for port-based authentication.
ProCurve(config)# aaa port-access authenticator a13-a15
ProCurve(config)# no aaa port-access authenticator a13-a15 client-limit
Figure 10-3. Example of Configuring Port-Based 802.1X Authentication
2. Reconfigure Settings for Port-Access
The commands in this section are initially set by default and can be reconfig
ured as needed.
Syntax:
aaa port-access authenticator <
port-list
>
[control < authorized | auto | unauthorized >]
Controls authentication mode on the specified port:
authorized:
Also termed “Force Authorized”
.
Gives
access to a device connected to the port. In this case,
the device does not have to provide 802.1X credentials
or support 802.1X authentication. (You can still
configure console, Telnet, or SSH security on the port.)
auto
(the default): The device connected to the port must
support 802.1X authentication and provide valid
credentials to get network access. (Optional: You can
use the Open VLAN mode to provide a path for clients
without 802.1X supplicant software to down-load this
software and begin the authentication process. Refer
to “802.1X Open VLAN Mode” on page 10-24.)
unauthorized:
Also termed “Force Unauthorized”
.
Do not
grant access to the network, regardless of whether the
device provides the correct credentials and has 802.1X
support. In this state, the port blocks access to any
connected device.
10-19
Summary of Contents for J8697A
Page 1: ...6200yl Access Security Guide 5400zl 3500yl ProCurve Switches K 11 XX www procurve com ...
Page 2: ......
Page 22: ...Product Documentation Feature Index xx ...
Page 55: ...Configuring Username and Password Security Front Panel Security 2 21 ...
Page 56: ...Configuring Username and Password Security Front Panel Security 2 22 ...
Page 58: ...Virus Throttling Contents Operating Notes 3 30 Connection Rate Log and Trap Messages 3 31 3 2 ...
Page 88: ...Virus Throttling Connection Rate Log and Trap Messages This page is intentionally unused 3 32 ...
Page 118: ...Web and MAC Authentication Client Status This page intentionally unused 4 30 ...
Page 356: ...Configuring and Monitoring Port Security Operating Notes for Port Security 11 44 ...
Page 370: ...Using Authorized IP Managers Operating Notes This page is intentionally unused 12 14 ...
Page 388: ...10 Index ...
Page 389: ......