Web and MAC Authentication
Setup Procedure for Web/MAC Authentication
Web/MAC Web or MAC authentication and LACP are not supported at the same time on
Authentication
a port. The switch automatically disables LACP on ports configured for Web
and LACP
or MAC authentication.
■ Use the show port-access web-based commands to display session status,
port-access configuration settings, and statistics for Web-Auth sessions.
■ When spanning tree is enabled on a switch that uses 802.1X, Web authen-
tication, or MAC authentication, loops may go undetected. For example,
spanning tree packets that are looped back to an edge port will not be
processed because they have a different broadcast/multicast MAC
address from the client-authenticated MAC address. To ensure that client-
authenticated edge ports get blocked when loops occur, you should
enable loop protection on those ports. For more information, see “Loop
Protection” in the chapter titled “Multiple Instance Spanning-Tree Opera-
tion” in the Advanced Traffic Management Guide.
Setup Procedure for Web/MAC
Authentication
Before You Configure Web/MAC Authentication
1. Configure a local username and password on the switch for both the
Operator (login) and Manager (enable) access levels. (While this is not
required for a Web- or MAC-based configuration, ProCurve recommends
that you use a local user name and password pair, at least until your other
security measures are in place, to protect the switch configuration from
unauthorized access.)
2. Determine the switch ports that you want to configure as authenticators.
Note that before you configure Web- or MAC-based authentication on a
port operating in an LACP trunk, you must remove the port from the trunk.
(For more information, refer to the “Web/MAC Authentication and LACP”
on page 3-13.)
To display the current configuration of 802.1X, Web-based, and MAC
authentication on all switch ports, enter the show port-access config
command.
3-13
