HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 478
Example: Configuring User-Based 802.1X Authentication, 2. Recon Settings for Port-Access
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 478 highlights
Configuring Port-Based and User-Based Access Control (802.1X) Configuring Switch Ports as 802.1X Authenticators Example: Configuring User-Based 802.1X Authentication This example enables ports A10-A12 to operate as authenticators, and then configures the ports for user-based authentication. ProCurve(config)# aaa port-access authenticator a10-A12 ProCurve(config)# aaa port-access authenticator a10-A12 client-limit 4 Figure 12-4. Example of Configuring User-Based 802.1X Authentication Example: Configuring Port-Based 802.1X Authentication This example enables ports A13-A15 to operate as authenticators, and then configures the ports for port-based authentication. ProCurve(config)# aaa port-access authenticator a13-a15 ProCurve(config)# no aaa port-access authenticator a13-a15 client-limit Figure 12-5. Example of Configuring Port-Based 802.1X Authentication 2. Reconfigure Settings for Port-Access The commands in this section are initially set by default and can be reconfig ured as needed. Syntax: aaa port-access authenticator < port-list > [control < authorized | auto | unauthorized >] Controls authentication mode on the specified port: authorized: Also termed "Force Authorized". Gives access to a device connected to the port. In this case, the device does not have to provide 802.1X credentials or support 802.1X authentication. (You can still configure console, Telnet, or SSH security on the port.) auto (the default): The device connected to the port must support 802.1X authentication and provide valid credentials to get network access. (Optional: You can use the Open VLAN mode to provide a path for clients without 802.1X supplicant software to down-load this software and begin the authentication process. Refer to "802.1X Open VLAN Mode" on page 12-32.) unauthorized: Also termed "Force Unauthorized". Do not grant access to the network, regardless of whether the device provides the correct credentials and has 802.1X support. In this state, the port blocks access to any connected device. 12-22