EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #94 background imageLoading...
Page #94 background image
81
• If the PVID is a voice VLAN, the 802.1X feature cannot take effect on the port. For more
information about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
• Do not enable 802.1X on a port that is in a link aggregation or service loopback group.
To enable 802.1X:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enable 802.1X globally.
dot1x
By default, 802.1X is disabled
globally.
3.
Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
4. Enable 802.1X on a port.
dot1x
By default, 802.1X is disabled
on a port.
Enabling EAP relay or EAP termination
When configuring EAP relay or EAP termination, consider the following factors:
• Support of the RADIUS server for EAP packets.
• Authentication methods supported by the 802.1X client and the RADIUS server.
You can use both EAP termination and EAP relay in any of the following situations:
• The client is using only MD5-Challenge EAP authentication. If EAP termination is used, you
must enable CHAP authentication on the access device.
• The client is an iNode 802.1X client and initiates only the username and password EAP
authentication. If EAP termination is used, you can enable either PAP or CHAP authentication
on the access device. However, for the purpose of security, you must use CHAP authentication
on the access device.
To use EAP-TLS, PEAP, or any other EAP authentication methods, you must use EAP relay. When
you make your decision, see "Comparing EAP relay and EAP termination" for help.
For more information about EAP relay and EAP termination, see "802.1X authentication
procedures."
To configure EAP relay or EAP termination:
Step
Command
Remarks
1.
Enter system
view.
system-view
N/A
2.
Configure EAP
relay or EAP
termination.
dot1x
authentication-method
{
chap
|
eap
|
pap
}
By default, the access device performs EAP
termination and uses CHAP to communicate with
the RADIUS server.
Specify the
eap
keyword to enable EAP relay.
Specify the
chap
or
pap
keyword to enable
CHAP-enabled or PAP-enabled EAP termination.
NOTE:
I
f EAP relay mode is used, the user-name-format command configured in RADIUS scheme view
does
not take effect. The access device sends
the authentication data from the client to the server
without any modification.

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals