Comware

  • 1.  802.1x radius authentication

    Posted Jun 25, 2010 07:07 PM
    Hi,

    Based on the documentation I found, is the 802.1x RADIUS authentication a global configuration on the switch, and can you only allow the authentication on specific ports? Because I already tried the local authentication on specific ports and it works, but can I also do the same thing on a RADIUS or Active Directory authentication? Thanks!


  • 2.  RE: 802.1x radius authentication

    Posted Jun 26, 2010 02:47 PM
    802.1X user access authentication is configured on a port-by-port basis. So you can select exactly which ports support this function...the basic command is 'aaa port-access authenticator <PORT or PORT - PORT>'.

    You must configure a RADIUS server to support this system function (like Microsoft IAS [W2K0/3] or NPS [W2K8] or OpenRADIUS, etc.) and a directory service (built-in or using Active Directory). In the case of a Microsoft platform, the RADIUS Access Policy can only be configured to support AD at the Windows Group level, not at an individual level (unless you create a specific group for each person).

    hth...Jeff


  • 3.  RE: 802.1x radius authentication

    Posted Jun 27, 2010 08:08 PM
    Thanks for the feedback, it was very helpful. Since you mentioned that I can configure the authentication per port, I don't have to configure a supplicant switch cascaded switch with no authentication involved? Am I understanding this correctly? Thanks!


  • 4.  RE: 802.1x radius authentication

    Posted Jun 29, 2010 08:45 AM
    Hi,

    Currently, on the supplicant switch, you have to configure a port as a supplicant port. It's the link between your authenticator switch and your supplicant switch which allows 802.1x through cascaded switches.

    The command lines for your HP supplicant switch are:
    "aaa port-access supplicant <PORT_NUM>"
    "aaa port-access supplicant <SAME NUM> identity <LOGIN SWITCH> secret"

    You will be prompted to enter a password.

    You can use RADIUS with AD. You have to create a user (your switch supplicant) with login: <LOGIN SWITCH> and password: <SWITCH SECRET>.

    Hope I helped you, but Jeff will explain it better than me.

    regards

    manu
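
Added example, not part of the thread or of any HP tooling: since 802.1X is enabled port by port, a short Python check can read a switch configuration and list which ports you expect to be protected have neither an authenticator nor a supplicant role. The sample config is constructed; `aaa authentication port-access eap-radius` and `aaa port-access authenticator active` are ProCurve CLI commands that do not appear in the posts above, and the set of expected ports is an assumption supplied by the operator.

```python
import re

# Constructed sample config lines (not from the thread), ProCurve-style CLI.
SAMPLE_CONFIG = """\
radius-server host 192.0.2.10 key PLACEHOLDER-SECRET
aaa authentication port-access eap-radius
aaa port-access authenticator 1-4,7
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator active
aaa port-access supplicant 24
"""
PORT = re.compile(r"([A-Za-z]*)(\d+)$")

def expand_ports(spec):
    """Expand a port list such as '1-4,7' or 'A1-A3' into a set of port names."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        m_lo, m_hi = PORT.match(lo), PORT.match(hi or lo)
        if not (m_lo and m_hi) or m_lo.group(1) != m_hi.group(1):
            raise ValueError(f"unsupported port range: {part!r}")
        for n in range(int(m_lo.group(2)), int(m_hi.group(2)) + 1):
            ports.add(f"{m_lo.group(1)}{n}")
    return ports

def audit(config, expected_ports):
    """Report which expected ports lack 802.1X and which global settings are missing."""
    auth, supp, active, radius = set(), set(), False, False
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["aaa", "authentication", "port-access"]:
            radius = tok[3:4] in (["eap-radius"], ["chap-radius"])
        elif tok[:2] == ["aaa", "port-access"] and len(tok) > 3:
            if tok[2] == "authenticator" and tok[3] == "active":
                active = True                  # global activation of 802.1X
            elif tok[2] == "authenticator":
                auth |= expand_ports(tok[3])   # trailing per-port options are ignored
            elif tok[2] == "supplicant":
                supp |= expand_ports(tok[3])   # uplink that authenticates upstream
    findings = []
    if not radius:
        findings.append("port-access authentication method is not RADIUS")
    if auth and not active:
        findings.append("authenticator ports are configured but 802.1X is not active")
    return {"authenticator": auth, "supplicant": supp,
            "unprotected": expected_ports - auth - supp, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, expand_ports("1-12")))
```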