Configuring Port-Based Access Control (802.1x)

General Operating Rules and Notes

If a client already has access to a switch port when you configure the port for 802.1x authenticator operation, the port will block the client from further network access until it can be authenticated.

On a port configured for 802.1x with RADIUS authentication, if the RADIUS server specifies a VLAN for the supplicant and the port is a trunk member, the port will be blocked. If the port is later removed from the trunk, the port will try to authenticate the supplicant. If authentication is successful, the port becomes unblocked. Similarly, if the supplicant is authenticated and later the port becomes a trunk member, the port will be blocked. If the port is then removed from the trunk, it tries to re-authenticate the supplicant. If successful, the port becomes unblocked.

To help maintain security, 802.1x and LACP cannot both be enabled on the same port. If you try to configure 802.1x on a port already configured for LACP (or the reverse) you will see a message similar to the following:

Error configuring port X: LACP and 802.1x cannot be run together.

Note on 802 . 1x To help maintain security, the switch does not allow 802.1x and LACP to both

and LACP be enabled at the same time on the same port. Refer to “802.1x Operating Messages” on page 6-47

6-10

Page 144
Image 144
HP 4100gl manual Configuring Port-Based Access Control