8-38
Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
■ The switch's default VLAN is already configured with an IP address
of 10.28.127.100 and a network mask of 255.255.255.0
Inspecting 802.1X Open VLAN Mode Operation. For information and
an example on viewing current Open VLAN mode operation, refer to “Viewing
802.1X Open VLAN Mode Status” on page 8-50.
802.1X Open VLAN Operating Notes
■ Although you can configure Open VLAN mode to use the same VLAN
for both the Unauthorized-Client VLAN and the Authorized-Client
VLAN, this is not recommended. Using the same VLAN for both
purposes allows unauthenticated clients access to a VLAN intended
only for authenticated clients, which poses a security breach.
■ While an Unauthorized-Client VLAN is in use on a port, the switch
temporarily removes the port from any other statically configured
VLAN for which that port is configured as a member. Note that the
Menu interface will still display the port’s statically configured
VLAN(s).
■ A VLAN used as the Unauthorized-Client VLAN should not allow
access to resources that must be protected from unauthenticated
clients.
ProCurve(config)# aaa authentication port-access eap-radius
Configures the switch for 802.1X authentication using an EAP-RADIUS server.
ProCurve(config)# aaa port-access authenticator a10-a20
Configures ports A10 - A20 as 802.1 authenticator ports.
ProCurve(config)# radius host 10.28.127.101 key rad4all
Configures the switch to look for a RADIUS server with an IP address of 10.28.127.101
and an encryption key of rad4all.
ProCurve(config)# aaa port-access authenticator e a10-a20 unauth-vid 80
Configures ports A10 - A20 to use VLAN 80 as the Unauthorized-Client VLAN.
ProCurve(config)# aaa port-access authenticator e a10-a20 auth-vid 81
Configures ports A10 - A20 to use VLAN 81 as the Authorized-Client VLAN.
ProCurve(config)# aaa port-access authenticator active
Activates 802.1X port-access on ports you have configured as authenticators.
To Next Page
Loading...
Need help?
General