Configuring 802.1x open vlan mode, E 8-30 – HP 2800 User Manual

Configuring Port-Based Access Control (802.1X)
802.1X Open VLAN Mode

Configuring 802.1X Open VLAN Mode.

Use these commands to actually

configure Open VLAN mode. For a listing of the steps needed to prepare the
switch for using Open VLAN mode, refer to “Preparation” on page 8-27.

Syntax:

aaa port-access authenticator [e] < port-list >

[auth-vid < vlan-id >]

Configures an existing, static VLAN to be the Authorized-
Client VLAN.

[< unauth-vid < vlan-id >]

Configures an existing, static VLAN to be the Unautho­
rized-Client VLAN.

For example, suppose you want to configure 802.1X port-access with Open
VLAN mode on ports A10 - A20 and:

■

These two static VLANs already exist on the switch:

•

Unauthorized, VID = 80

•

Authorized, VID = 81

■

Your RADIUS server has an IP address of 10.28.127.101. The server
uses

rad4all as a server-specific key string. The server is connected to

a port on the Default VLAN.

■

The switch's default VLAN is already configured with an IP address
of 10.28.127.100 and a network mask of 255.255.255.0

HPswitch(config)# aaa authentication port-access eap-radius

Configures the switch for 802.1X authentication using an EAP-RADIUS server.

HPswitch(config)# aaa port-access authenticator a10-a20

Configures ports A10 - A20 as 802.1 authenticator ports.

HPswitch(config)# radius host 10.28.127.101 key rad4all

Configures the switch to look for a RADIUS server with an IP address of 10.28.127.101
and an encryption key of rad4all.

HPswitch(config)# aaa port-access authenticator e a10-a20 unauth-vid 80

Configures ports A10 - A20 to use VLAN 80 as the Unauthorized-Client VLAN.

HPswitch(config)# aaa port-access authenticator e a10-a20 auth-vid 81

Configures ports A10 - A20 to use VLAN 81 as the Authorized-Client VLAN.

HPswitch(config)# aaa port-access authenticator active

Activates 802.1X port-access on ports you have configured as authenticators.

8-30