HP (Hewlett-Packard) 2650 (J4899A/B) ユーザーズマニュアル
8-12
Configuring Port-Based Access Control (802.1X)
General Setup Procedure for Port-Based Access Control (802.1X)
General Setup Procedure for Port-Based Access Control (802.1X)
General Setup Procedure for Port-Based
Access Control (802.1X)
Access Control (802.1X)
Do These Steps Before You Configure 802.1X Operation
1.
Configure a local username and password on the switch for both the
Operator (login) and Manager (enable) access levels. (While this may or
may not be required for your 802.1X configuration, ProCurve recommends
that you use a local username and password pair at least until your other
security measures are in place.)
Operator (login) and Manager (enable) access levels. (While this may or
may not be required for your 802.1X configuration, ProCurve recommends
that you use a local username and password pair at least until your other
security measures are in place.)
2.
Determine which ports on the switch you want to operate as authentica-
tors and/or supplicants, and disable LACP on these ports. (See the “Note
on 802.1X and LACP” on page 8-11.)
tors and/or supplicants, and disable LACP on these ports. (See the “Note
on 802.1X and LACP” on page 8-11.)
3.
Determine whether to use the optional 802.1X Open VLAN mode for
clients that are not 802.1X-aware; that is, for clients that are not running
802.1X supplicant software. (This will require you to provide download-
able software that the client can use to enable an authentication session.)
For more on this topic, refer to “802.1X Open VLAN Mode” on page 8-21.
clients that are not 802.1X-aware; that is, for clients that are not running
802.1X supplicant software. (This will require you to provide download-
able software that the client can use to enable an authentication session.)
For more on this topic, refer to “802.1X Open VLAN Mode” on page 8-21.
4.
For each port you want to operate as a supplicant, determine a username
and password pair. You can either use the same pair for each port or use
unique pairs for individual ports or subgroups of ports. (This can also be
the same local username/password pair that you assign to the switch.)
and password pair. You can either use the same pair for each port or use
unique pairs for individual ports or subgroups of ports. (This can also be
the same local username/password pair that you assign to the switch.)
5.
Unless you are using only the switch’s local username and password for
802.1X authentication, configure at least one RADIUS server to authenti-
cate access requests coming through the ports on the switch from external
supplicants (including switch ports operating as 802.1X supplicants). You
can use up to three RADIUS servers for authentication; one primary and
two backups. Refer to the documentation provided with your RADIUS
application.
802.1X authentication, configure at least one RADIUS server to authenti-
cate access requests coming through the ports on the switch from external
supplicants (including switch ports operating as 802.1X supplicants). You
can use up to three RADIUS servers for authentication; one primary and
two backups. Refer to the documentation provided with your RADIUS
application.