Web and MAC Authentication

Setup Procedure for Web/MAC Authentication

Web/MACAuthenticationand LACP

Web or MAC authentication and LACP are not supported at the same time on a port. The switch automatically disables LACP on ports configured for Web or MAC authentication.

Use the show port-accessweb-basedcommands to display session status, port-access configuration settings, and statistics for Web-Auth sessions.

When spanning tree is enabled on a switch that uses 802.1X, Web authentication, or MAC authentication, loops may go undetected. For example, spanning tree packets that are looped back to an edge port will not be processed because they have a different broadcast/multi- cast MAC address from the client-authenticated MAC address. To ensure that client-authenticated edge ports get blocked when loops occur, you should enable loop protection on those ports. For more information, refer to “Loop Protection” in the chapter titled “Multiple Instance Spanning-Tree Operation” in the Advanced Traffic Manage- ment Guide for your switch.

Setup Procedure for Web/MAC

Authentication

Before You Configure Web/MAC Authentication

1.Configure a local username and password on the switch for both the Operator (login) and Manager (enable) access levels. (While this is not required for a Web- or MAC-based configuration, ProCurve recommends that you use a local user name and password pair, at least until your other security measures are in place, to protect the switch configuration from unauthorized access.)

2.Determine the switch ports that you want to configure as authenticators. Note that before you configure Web- or MAC-based authentication on a port operating in an LACP trunk, you must remove the port from the trunk. (For more information, refer to the “Web/MAC Authentication and LACP” on page 3-14.)

To display the current configuration of 802.1X, Web-based, and MAC authentication on all switch ports, enter the show port-access config command.

3-14