Enabling 802.1X; Configuration Guidelines; Configuration Procedure; Enabling Eap Relay Or Eap Termination - HP 3600 v2 Series Configuration Manual

Enabling 802.1X

Configuration guidelines

If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more
•
information about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
802.1X is mutually exclusive with link aggregation and service loopback group configuration on a
•
port.
Do not use the BPDU drop feature on an 802.1X-enabled port. The BPDU drop feature discards
•
802.1X packets arrived on the port.

Configuration procedure

To enable 802.1X on a port:
Step
1. Enter system view.
2. Enable 802.1X globally.
3. Enable 802.1X on a
port.

Enabling EAP relay or EAP termination

When you configure EAP relay or EAP termination, consider the following factors:
The support of the RADIUS server for EAP packets
•
The authentication methods supported by the 802.1X client and the RADIUS server
•
If the client is using only MD5-Challenge EAP authentication or the "username + password" EAP
authentication initiated by an HP iNode 802.1X client, you can use both EAP termination and EAP relay.
To use EAP-TL, PEAP, or any other EAP authentication methods, you must use EAP relay. When you make
your decision, see
For more information about EAP relay and EAP termination, see
To configure EAP relay or EAP termination:
Step
1. Enter system view.
Command
system-view
dot1x
•
In system view:
dot1x interface interface-list
•
In Ethernet interface view:
a. interface interface-type
interface-number
b. dot1x
"A comparison of EAP relay and EAP
Command
system-view
termination" for help.
"802.1X authentication
Remarks
N/A
81
Remarks
N/A
By default, 802.1X is
disabled globally.
Use either method.
By default, 802.1X is
disabled on a port.
procedures."