4-12
Web and MAC Authentication
Setup Procedure for Web/MAC Authentication
■  Web- or MAC-based authentication and LACP cannot both be enabled 
on the same port. 
Web/MAC 
Authentication 
and LACP
Web or MAC authentication and LACP are not supported at the same time on 
a port. The switch automatically disables LACP on ports configured for Web 
or MAC authentication.
■ Use the show port-access web-based commands to display session 
status, port-access configuration settings, and statistics for Web-Auth 
sessions.
■ When spanning tree is enabled on a switch that uses 802.1X, Web 
authentication, or MAC authentication, loops may go undetected. For 
example, spanning tree packets that are looped back to an edge port 
will not be processed because they have a different broadcast/multi-
cast MAC address from the client-authenticated MAC address.  To 
ensure that client-authenticated edge ports get blocked when loops 
occur, you should enable loop protection on those ports. For more 
information, refer to “Loop Protection” in the chapter titled “Multiple 
Instance Spanning-Tree Operation” in the Advanced Traffic Manage-
ment Guide for your switch.
Setup Procedure for Web/MAC 
Authentication
Before You Configure Web/MAC Authentication
1. Configure a local username and password on the switch for both the 
Operator (login) and Manager (enable) access levels. (While this is not 
required for a Web- or MAC-based configuration, HP recommends that 
you use a local user name and password pair, at least until your other 
security measures are in place, to protect the switch configuration from 
unauthorized access.)
2. Determine the switch ports that you want to configure as authenticators. 
Note that before you configure Web- or MAC-based authentication on a 
port operating in an LACP trunk, you must remove the port from the trunk. 
(For more information, refer to the “Web/MAC Authentication and LACP” 
on page 4-12.)