13-2
Configuring Port-Based and User-Based Access Control (802.1X)
Overview
• Authentication of 802.1X access using a RADIUS server and either the EAP or CHAP protocol.
• Provision for enabling clients that do not have 802.1X supplicant software to use the switch as a path for downloading the software and initiating the authentication process (802.1X Open VLAN mode).
• User-Based access control option with support for up to 32 authenticated clients per port.
• Port-Based access control option allowing authentication by a single client to open the port. This option does not force a client limit and, on a port opened by an authenticated client, allows unlimited client access without requiring further authentication.
• Supplicant implementation using CHAP authentication and independent user credentials on each port.
■ The local operator password configured with the password command for management access to the switch is no longer accepted as an 802.1X authenticator credential. The password port-access command configures the local operator username and password used as 802.1X authentication credentials for access to the switch. The values configured can be stored in a configuration file using the include-credentials command. For information about the password port-access command, see “… Before You Configure 802.1X Operation” on page 13-13.
■ On-demand change of a port’s configured VLAN membership status to support the current client session.
■ Session accounting with a RADIUS server, including the accounting update interval.
■ Use of Show commands to display session counters.
■ Support for concurrent use of 802.1X and either Web authentication or MAC authentication on the same port.
■ For unauthenticated clients that do not have the necessary 802.1X supplicant software (or for other reasons related to unauthenticated clients), there is the option to configure an Unauthorized-Client VLAN. This mode allows you to assign unauthenticated clients to an isolated VLAN through which you can provide the necessary supplicant software and/or other services you want to extend to these clients.
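The port-based and user-based options listed above differ in exposure: a port-based port admits every client once one has authenticated. The following audit sketch is an added example, not taken from the guide; it flags authenticator ports that have no client limit. The running-config line syntax (`aaa port-access authenticator <port-list> [client-limit <n>]`), the simple numeric port lists, and the sample excerpt are assumptions that do not appear on this page.

```python
import re

# Constructed sample running-config excerpt (not from the guide).
# Assumed line form: aaa port-access authenticator <port-list> [client-limit <1-32>]
SAMPLE_CONFIG = """\
aaa authentication port-access eap-radius
aaa port-access authenticator 1-4,7
aaa port-access authenticator 1 client-limit 32
aaa port-access authenticator 2-3 client-limit 1
aaa port-access authenticator active
"""

AUTH_RE = re.compile(r"^aaa port-access authenticator (\d[\d,-]*)(?: client-limit (\d+))?$")


def expand_ports(port_list):
    """Expand a port list such as '1-4,7' into [1, 2, 3, 4, 7]."""
    ports = []
    for part in filter(None, port_list.split(",")):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def audit_8021x_modes(config_text):
    """Map each authenticator port to its client limit.

    None means no client-limit line was found: port-based mode, where one
    authenticated client opens the port to every other client.
    """
    modes = {}
    for line in config_text.splitlines():
        m = AUTH_RE.match(line.strip())
        if not m:
            continue  # other options and the global "active" line are ignored
        limit = int(m.group(2)) if m.group(2) else None
        for port in expand_ports(m.group(1)):
            # A client-limit line wins regardless of the order lines appear in.
            if limit is not None or port not in modes:
                modes[port] = limit
    return modes


def port_based_ports(config_text):
    """Ports with 802.1X enabled but no per-port client limit."""
    return sorted(p for p, lim in audit_8021x_modes(config_text).items() if lim is None)


if __name__ == "__main__":
    print("Port-based (no client limit):", port_based_ports(SAMPLE_CONFIG))
```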
User Authentication Methods
The switch offers two methods for using 802.1X access control. Generally, the
“Port Based” method supports one 802.1X-authenticated client on a port,
which opens the port to an unlimited number of clients. The “User-Based”
HP Networking E3800 Switches Access Security Guide, September 2011