6 Configuring Port-Based Access Control (802.1x)

Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2

Why Use Port-Based Access Control? . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2

General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2

How 802.1x Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

Authenticator Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5

Switch-Port Supplicant Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7

General Operating Rules and Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

General Setup Procedure for

Port-Based Access Control (802.1x) . . . . . . . . . . . . . . . . . . . . . . . . . 6-11 Do These Steps Before You Configure 802.1x Operation . . . . . . . . . 6-11 Overview: Configuring 802.1x Authentication on the Switch . . . . . . 6-12

Configuring Switch Ports as 802.1x Authenticators . . . . . . . . . . . . 6-14 1. Enable 802.1x Authentication on Selected Ports . . . . . . . . . . . . . . 6-15

3. Configure the 802.1x Authentication Method . . . . . . . . . . . . . . . . . 6-18

4. Enter the RADIUS Host IP Address(es) . . . . . . . . . . . . . . . . . . . . . . 6-19

5. Enable 802.1x Authentication on the Switch . . . . . . . . . . . . . . . . . . 6-19

802.1x Open VLAN Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20Use Models for 802.1x Open VLAN Modes . . . . . . . . . . . . . . . . . . . . . 6-21

Operating Rules for Authorized-Client and

Unauthorized-Client VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24 Setting Up and Configuring 802.1x Open VLAN Mode . . . . . . . . . . . . 6-26 802.1x Open VLAN Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-31

Configuring Switch Ports To Operate As Supplicants for

802.1x Connections to Other Switches . . . . . . . . . . . . . . . . . . . . . . . 6-33

Displaying 802.1x Configuration, Statistics, and Counters . . . . . . 6-37 Show Commands for Port-Access Authenticator . . . . . . . . . . . . . . . . 6-37 Viewing 802.1x Open VLAN Mode Status . . . . . . . . . . . . . . . . . . . . . . . 6-38 Show Commands for Port-Access Supplicant . . . . . . . . . . . . . . . . . . . 6-42

vii

Page 9
Image 9
HP 4100gl General Setup Procedure for, Operating Rules for Authorized-Client, 802.1x Connections to Other Switches, Vii