Hewlett-Packard Q.11. (2510-24) Manual

next previous

8-1

Configuring Port-Based and Client-Based

Access Control (802.1X)

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

Why Use Port-Based or Client-Based Access Control? . . . . . . . . . . . . 8-2

General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

User Authentication Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3

Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6

General 802.1X Authenticator Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9

Example of the Authentication Process . . . . . . . . . . . . . . . . . . . . . . . . . 8-9

Switch-Port Supplicant Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

General Operating Rules and Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11

General Setup Procedure for 802.1X Access Control . . . . . . . . . . . . . . . . 8-13

Do These Steps Before You Configure 802.1X Operation . . . . . . . . . 8-13

Overview: Configuring 802.1X Authentication on the Switch . . . . . . 8-14

Configuring Switch Ports as 802.1X Authenticators . . . . . . . . . . . . . . . . . 8-16

1. Enable 802.1X Authentication on Selected Ports . . . . . . . . . . . . . . 8-16

2. Reconfigure Settings for Port-Access . . . . . . . . . . . . . . . . . . . . . . . . 8-19

3. Configure the 802.1X Authentication Method . . . . . . . . . . . . . . . . . 8-22

4. Enter the RADIUS Host IP Address(es) . . . . . . . . . . . . . . . . . . . . . . 8-23

5. Enable 802.1X Authentication on the Switch . . . . . . . . . . . . . . . . . 8-23

6. Optionally Resetting Authenticator Operation . . . . . . . . . . . . . . . . 8-24

802.1X Open VLAN Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-25

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-25

VLAN Membership Priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26

Use Models for 802.1X Open VLAN Modes . . . . . . . . . . . . . . . . . . . . . 8-27

Operating Rules for Authorized-Client and

Unauthorized-Client VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30