4 HP ProCurve Switches
In some cases it is advantageous to authenticate users at the switch ports. Most state-of-the-art switches fully support
802.1x authentication. The following example describes commands for a simple configuration of HP ProCurve
switch ports for access via 802.1x. The sample configuration has the following features:
• The configuration is based on the HP 2510-24 switch and should be usable on most HP ProCurve
switches. So far it has been verified on the 2524, 2510-24, 2626 and 5406zl switches.
• The uplink is on port 26. All key VLANs lead to this port, i.e., management (VID 504), eduroam (VID 578)
for users authenticated via 802.1x and vutbrno (VID 589) for clients with no support for 802.1x, i.e.,
authenticated via web.
• We intend to use ports 1 to 10 for connection of end users directly to Ethernet.
• PEAP is used for authentication, the same protocol that is used for wireless networks.
• Unfortunately this device does not let you define different RADIUS servers for switch management and
user authentication. The separation must be handled on the RADIUS server side with a suitable AVP extension.
Otherwise switch management could be accessible to all users, which is definitely undesirable.
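The last point leaves the separation of switch logins from 802.1x user authentication to the RADIUS server. As an added illustration (not part of the original manual or of any RADIUS product), the following Python example parses an Access-Request in the RFC 2865 layout and applies one such policy. It assumes that 802.1x requests carry an EAP-Message attribute (RFC 3579) while management logins do not; SWITCH_ADMINS, decide and build_request are hypothetical names and the packets are constructed samples.

```python
import struct

ACCESS_REQUEST = 1   # RADIUS packet code (RFC 2865)
USER_NAME = 1        # attribute types (RFC 2865)
USER_PASSWORD = 2
EAP_MESSAGE = 79     # RFC 3579; assumed present only in 802.1x port requests
SWITCH_ADMINS = {"netadmin"}   # hypothetical; normally a group lookup

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [values]} from a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20          # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def decide(packet: bytes) -> str:
    """Keep port users and switch administrators apart on the server side."""
    attrs = parse_attributes(packet)
    user = attrs.get(USER_NAME, [b""])[0].decode("utf-8", "replace")
    if EAP_MESSAGE in attrs:
        return "continue-eap"        # port user: hand over to PEAP
    if user in SWITCH_ADMINS:
        return "accept-management"   # password still has to be verified
    return "reject"                  # ordinary user trying a switch login

def build_request(user: str, eap: bool) -> bytes:
    """Constructed sample Access-Request, for this demonstration only."""
    name = user.encode()
    body = bytes([USER_NAME, len(name) + 2]) + name
    if eap:   # EAP-Response/Identity wrapped in an EAP-Message attribute
        eap_pkt = bytes([2, 0, 0, len(name) + 5, 1]) + name
        body += bytes([EAP_MESSAGE, len(eap_pkt) + 2]) + eap_pkt
    else:     # dummy 16-byte User-Password value
        body += bytes([USER_PASSWORD, 18]) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body))
    return header + bytes(16) + body
```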
Definition of the VLAN used to manage the device and of the address used to reach the RADIUS servers:
ip default-gateway 10.229.255.1
vlan 504
   name "mgmt-vlan"
   ip address 10.229.255.61 255.255.255.0
   tagged 26
   exit