Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

802.1x radius authentication

RAP10
Occasional Contributor

802.1x radius authentication

Hi,

based on the documentation I found, does the 802.1x radius authentication a global configuration on the switch, and can you only allow the authentication on specific ports? Because I already tried the local authentication on specific ports and it works, but can I also do the same thing on a radius or active directory authentication? Thanks!
3 REPLIES
Jeff Carrell
Honored Contributor

Re: 802.1x radius authentication

Configuring 802.1X user access authentication is configured on a port-by-port basis. So you can select exactly which ports support this function...the basic command is 'aaa port-access authenticator '.

You must configure a RADIUS server to support this system function (like Microsoft IAS [W2K0/3] or NPS [W2K8] or OpenRADIUS, etc, and a directory service (built-in or using Active Directory). In the case of a Microsoft platform, the RADIUS Access Policy can only be configured to support AD at the Windows Group level, not at an individual level (unless you create a specific group for each person).

hth...Jeff
RAP10
Occasional Contributor

Re: 802.1x radius authentication

Thanks for he feedback it was very helpful. Since you mentioned that I can configure the authentication per port, I dont have to configure a supplicant switch cascaded switch with no authentication involved? Am I understatnding this correctly? Thanks!
manui31804
Advisor

Re: 802.1x radius authentication

Hi,

Currently, on the supplicant switch, you have to configure a port as a supplicant port. it's the link between your authenticator switch and your supplicant switch which allows 802.1x through cascaded switchs.

The command lines for your hp supplicant switch are :
"aaa port-access supplicant "
"aaa port-access supplicant identity secret"

you will be prompted to enter a password

you can use radius with AD. You have to create a user (your switch supplicant) with login: and password: .

hope i helped you but jeff will explain it better than me.

regards

manu