EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #107 background imageLoading...
Page #107 background image
94
802.1X authentication configuration examples
Basic 802.1X authentication configuration example
Network requirements
As shown in Figure 31, the access device performs 802.1X authentication for users that connect to
port GigabitEthernet 1/0/1. Implement MAC-based access control on the port, so the logoff of one
user does not affect other online 802.1X users.
Use RADIUS servers to perform authentication, authorization, and accounting for the 802.1X users.
If RADIUS authentication fails, perform local authentication on the access device.
Configure the host at 10.1.1.1/24 as the primary authentication and accounting servers, and the host
at 10.1.1.2/24 as the secondary authentication and accounting servers. Assign all users to the ISP
domain bbb.
Configure the shared key as name for packets between the access device and the authentication
server. Configure the shared key as money for packets between the access device and the
accounting server.
Figure 31 Network diagram
Configuration procedure
1. Configure the 802.1X client. If HPE iNode is used, do not select the Carry version info option
in the client configuration. (Details not shown.)
2. Configure the RADIUS servers and add user accounts for the 802.1X users. (Details not
shown.)
For information about the RADIUS commands used on the access device in this example, see
Security Command Reference.
3. Assign an IP address for each interface on the access device. (Details not shown.)
4. Configure user accounts for the 802.1X users on the access device:
# Add a local network access user with the username localuser, and password localpass in
plaintext. (Make sure the username and password are the same as those configured on the
RADIUS servers.)
<Device> system-view
[Device] local-user localuser class network
[Device-luser-network-localuser] password simple localpass
# Set the service type to lan-access.
[Device-luser-network-localuser] service-type lan-access
[Device-luser-network-localuser] quit
Internet
Device
Authenticator
Host
192.168.1.2/24
GE1/0/1
Vlan-int2
192.168.1.1/24
RADIUS server cluster
Primary: 10.1.1.1/24
Secondary: 10.1.1.2/24
Supplicant
GE1/0/2
10.1.1.10/24

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals