Web and MAC Authentication

Setup Procedure for Web/MAC Authentication

ProCurve (config)# show port-access config

Port Access Status Summary

Port-access authenticator activated [No] : Yes

Allow RADIUS-assigned dynamic

(GVRP) VLANs [No] : Yes

 

Supplicant

Authenticator

Web Auth

Mac Auth

Port

Enabled

Enabled

Enabled

Enabled

----

----------

-------------

--------

--------

1

Yes

No

No

Yes

2

No

Yes

No

Yes

3

No

Yes

No

No

4

No

No

No

No

5

No

No

No

No

6

No

No

No

No

7

No

No

No

No

8

No

No

No

No

9

No

No

No

No

10

No

No

No

No

11

No

No

No

No

12

No

No

No

No

...

 

 

 

 

Figure 3-4. Example of show port-access config Command Output

3.Determine whether any VLAN assignments are needed for authenticated clients.

a.If you configure the RADIUS server to assign a VLAN for an authen- ticated client, this assignment overrides any VLAN assignments con- figured on the switch while the authenticated client session remains active. Note that the VLAN must be statically configured on the switch.

b.If there is no RADIUS-assigned VLAN, the port can join an “Authorized VLAN” for the duration of the client session, if you choose to configure one. This must be a port-based, statically configured VLAN on the switch.

c.If there is neither a RADIUS-assigned VLAN or an “Authorized VLAN” for an authenticated client session on a port, then the port’s VLAN membership remains unchanged during authenticated client ses- sions. In this case, configure the port for the VLAN in which you want it to operate during client sessions.

3-15