HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 373
Configuring 802.1X Open VLAN Mode., rad4all
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 373 highlights
Configuring Port-Based and User-Based Access Control (802.1X) 802.1X Open VLAN Mode Configuring 802.1X Open VLAN Mode. Use these commands to actually configure Open VLAN mode. For a listing of the steps needed to prepare the switch for using Open VLAN mode, refer to "Preparation" on page 10-40. Syntax: aaa port-access authenticator < port-list > [auth-vid < vlan-id >] Configures an existing, static VLAN to be the AuthorizedClient VLAN. [< unauth-vid < vlan-id >] Configures an existing, static VLAN to be the Unauthorized-Client VLAN. For example, suppose you want to configure 802.1X port-access with Open VLAN mode on ports A10 - A20 and: ■ These two static VLANs already exist on the switch: • Unauthorized, VID = 80 • Authorized, VID = 81 ■ Your RADIUS server has an IP address of 10.28.127.101. The server uses rad4all as a server-specific key string. The server is connected to a port on the Default VLAN. ■ The switch's default VLAN is already configured with an IP address of 10.28.127.100 and a network mask of 255.255.255.0 ProCurve(config)# aaa authentication port-access eap-radius Configures the switch for 802.1X authentication using an EAP-RADIUS server. ProCurve(config)# aaa port-access authenticator a10-a20 Configures ports A10 - A20 as 802.1 authenticator ports. ProCurve(config)# radius host 10.28.127.101 key rad4all Configures the switch to look for a RADIUS server with an IP address of 10.28.127.101 and an encryption key of rad4all. ProCurve(config)# aaa port-access authenticator e a10-a20 unauth-vid 80 Configures ports A10 - A20 to use VLAN 80 as the Unauthorized-Client VLAN. ProCurve(config)# aaa port-access authenticator e a10-a20 auth-vid 81 Configures ports A10 - A20 to use VLAN 81 as the Authorized-Client VLAN. ProCurve(config)# aaa port-access authenticator active Activates 802.1X port-access on ports you have configured as authenticators. 10-43