
4-3
Web and MAC Authentication
Overview
Concurrent Web and MAC Authentication
Web authentication and MAC authentication can be configured at the same
time on a port. It is assumed that MAC authentication will use an existing MAC
address. The following conditions apply for concurrent Web and MAC authen-
tication:
■
A specific MAC address cannot be authenticated by both Web and
MAC authentication at the same time.
■
Each new Web/MAC Auth client always initiates a MAC authentica-
tion attempt. This same client can also initiate Web authentication at
any time before the MAC authentication succeeds. If either authenti-
cation succeeds then the other authentication (if in progress) is
ended. No further Web/MAC authentication attempts are allowed
until the client is deauthenticated.
■
Web and MAC authentications are not allowed on the same port if
unauthenticated VLAN (that is, a guest VLAN) is enabled for MAC
authentication. An unauthenticated VLAN can’t be enabled for MAC
authentication if Web and MAC authentication are both enabled on
the port.
■
Hitless reauthentication must be of the same type (MAC) that was
used for the initial authentication. Non-hitless reauthentication can
be of any type.
The remaining Web/MAC functionality, including interactions with 802.1X,
remains the same. Web and MAC authentication can be used for different
clients on the same port.
Normally, MAC authentication finishes much sooner than Web authentication.
However, if Web authentication should complete first, MAC authentication
will cease even though it is possible that MAC authentication could succeed.
There is no guarantee that MAC authentication ends before Web authentica-
tion begins for the client.
Concurrent Web and MAC authentication is backward compatible with all
existing user configurations.
Authorized and Unauthorized Client VLANs
Web-Auth and MAC-Auth provide a port-based solution in which a port
belongs to one, untagged VLAN at a time. The switch supports up to 32
simultaneous client sessions per port. All authenticated client sessions
operate in the same untagged VLAN. (If you want the switch to simultaneously
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......