Comware


Request for Dot1x and MAC Authentication Configuration Commands on HP

  • 1.  Request for Dot1x and MAC Authentication Configuration Commands on HP

    Posted Sep 06, 2025 06:23 AM

    Dear HP Support Team,

    I am working on configuring port security on an HP A5500 switch running Comware version 5.20.99. I need to implement 802.1X authentication and MAC Authentication Bypass (MAB) on a single interface.

    Could you please provide the exact CLI commands or a configuration example for enabling both dot1x and MAC authentication on a single port on this platform and software version?



    -------------------------------------------


  • 2.  RE: Request for Dot1x and MAC Authentication Configuration Commands on HP

    Posted Sep 15, 2025 01:35 AM

    Hi Rajat, 

    First of all, this is not a Support page; this is a Community portal.

    First you need to configure a RADIUS scheme:

    HPE_A5500> system-view
    [HPE_A5500] radius scheme your-radius-scheme
    [HPE_A5500-radius-your-radius-scheme] primary authentication <ip address>
    [HPE_A5500-radius-your-radius-scheme] primary accounting <ip address>
    [HPE_A5500-radius-your-radius-scheme] secondary authentication <ip address>
    [HPE_A5500-radius-your-radius-scheme] secondary accounting <ip address>
    [HPE_A5500-radius-your-radius-scheme] key authentication <your-secret-key>
    [HPE_A5500-radius-your-radius-scheme] key accounting <your-secret-key>
    [HPE_A5500-radius-your-radius-scheme] user-name-format with-domain
    [HPE_A5500-radius-your-radius-scheme] quit

    Then you need to configure an authentication domain:

    [HPE_A5500] domain your-auth-domain
    [HPE_A5500-domain-your-auth-domain] authentication access radius-scheme your-radius-scheme
    [HPE_A5500-domain-your-auth-domain] authorization access radius-scheme your-radius-scheme
    [HPE_A5500-domain-your-auth-domain] accounting access radius-scheme your-radius-scheme
    [HPE_A5500-domain-your-auth-domain] quit
    [HPE_A5500] domain default enable your-auth-domain

    Then you need to configure the global authentication settings:

    [HPE_A5500] mac-authentication timer offline-detect 600
    [HPE_A5500] mac-authentication timer quiet 180

    Then you need to configure your interfaces, taking Gigabit Ethernet 1/0/1 as an example:

    [HPE_A5500] interface GigabitEthernet1/0/1
    [HPE_A5500-GigabitEthernet1/0/1] port link-mode bridge
    [HPE_A5500-GigabitEthernet1/0/1] port link-type hybrid
    [HPE_A5500-GigabitEthernet1/0/1] undo port hybrid vlan 1
    [HPE_A5500-GigabitEthernet1/0/1] port hybrid pvid vlan 749
    [HPE_A5500-GigabitEthernet1/0/1] port hybrid vlan 3590 tagged
    [HPE_A5500-GigabitEthernet1/0/1] port hybrid vlan 749 untagged
    [HPE_A5500-GigabitEthernet1/0/1] mac-authentication max-user 2
    [HPE_A5500-GigabitEthernet1/0/1] mac-vlan enable
    [HPE_A5500-GigabitEthernet1/0/1] dot1x mandatory-domain your-auth-domain
    [HPE_A5500-GigabitEthernet1/0/1] dot1x re-authenticate
    [HPE_A5500-GigabitEthernet1/0/1] port-security port-mode userlogin-secure-or-mac-ext
    [HPE_A5500-GigabitEthernet1/0/1] quit



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP
    Just an Aruba enthusiast and contributor by cases
    If you find my comment helpful, KUDOS are appreciated.
    ------------------------------
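
The configuration in the reply above links three names: the domain refers to the RADIUS scheme, and both `domain default enable` and `dot1x mandatory-domain` refer to the domain. The following check is an added example, not part of the reply or any HPE tooling; it reads a pasted command sequence or saved configuration and reports names that are referenced but never defined, plus interfaces with no `port-security port-mode`. The function name `audit`, the IP-free sample, the typo and the second interface are constructed for illustration.

```python
import re

# Constructed sample: the reply's command sequence with one deliberate typo
# ("your-auth-domian" on the interface) and a second, unconfigured port.
SAMPLE = """\
[HPE_A5500] radius scheme your-radius-scheme
[HPE_A5500] domain your-auth-domain
[HPE_A5500-domain-your-auth-domain] authentication access radius-scheme your-radius-scheme
[HPE_A5500-domain-your-auth-domain] quit
[HPE_A5500] domain default enable your-auth-domain
[HPE_A5500] interface GigabitEthernet1/0/1
[HPE_A5500-GigabitEthernet1/0/1] dot1x mandatory-domain your-auth-domian
[HPE_A5500-GigabitEthernet1/0/1] port-security port-mode userlogin-secure-or-mac-ext
[HPE_A5500-GigabitEthernet1/0/1] quit
[HPE_A5500] interface GigabitEthernet1/0/2
"""

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|\S+>)?\s*")  # "[Sysname-view]" or "Sysname>"

def audit(text):
    """Return findings for dangling scheme/domain names and ports without a mode."""
    schemes, domains, scheme_refs, domain_refs, modes = set(), set(), [], [], {}
    view = None  # (kind, name) of the configuration view we are currently in
    for raw in text.splitlines():
        w = PROMPT.sub("", raw).split() or [""]  # prompt stripped, blank lines inert
        if w[:2] == ["radius", "scheme"] and len(w) == 3:
            view = ("scheme", w[2])
            schemes.add(w[2])
        elif w[0] == "domain" and len(w) == 2:
            view = ("domain", w[1])
            domains.add(w[1])
        elif w[:3] == ["domain", "default", "enable"] and len(w) == 4:
            domain_refs.append(("domain default enable", w[3]))
        elif w[0] == "interface" and len(w) == 2:
            view = ("iface", w[1])
            modes.setdefault(w[1], None)
        elif w[0] in ("quit", "return"):
            view = None
        elif view and view[0] == "domain" and "radius-scheme" in w[:-1]:
            scheme_refs.append((view[1], w[w.index("radius-scheme") + 1]))
        elif view and view[0] == "iface" and len(w) == 3:
            if w[:2] == ["dot1x", "mandatory-domain"]:
                domain_refs.append((view[1], w[2]))
            elif w[:2] == ["port-security", "port-mode"]:
                modes[view[1]] = w[2]
    out = [f"domain {d}: undefined RADIUS scheme {s}" for d, s in scheme_refs if s not in schemes]
    out += [f"{where}: undefined domain {d}" for where, d in domain_refs if d not in domains]
    out += [f"{i}: no port-security port-mode set" for i, m in modes.items() if m is None]
    return out
```

Calling `audit(SAMPLE)` reports the misspelled domain on GigabitEthernet1/0/1 and the missing port mode on GigabitEthernet1/0/2; the same function accepts unprompted lines as they appear in a saved configuration.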