6-71
RADIUS Authentication, Authorization, and Accounting
Dynamic Removal of Authentication Limits
If the VSA client limit decreases the switch’s configured client limit, all clients
except the client that is overriding the settings is deauthenticated. Only one
client session at a time can override the port-access settings on a port. When
the client session is deauthenticated, the port resets itself to the configured
settings. This port reset causes the deauthentication of all clients for the port-
access authentication types that had their settings changed dynamically.
The new VSAs are:
■
HP-Port-Client-Limit-Dot1x
: This VSA temporarily alters the
802.1X authentication client limit to the value contained in the VSA.
Values range from 0 to 32 clients. A zero client limit means this VSA
is disabled. This is an HP proprietary VSA with a value of 10.
■
HP-Port-Client-Limit-MA
: This VSA temporarily alters the MAC
authentication client limit to the value contained in the VSA. Values
range from 0 to 256 clients. A zero client limit means this VSA is
disabled. This is an HP proprietary VSA with a value of 11.
■
HP-Port-Client-Limit-WA
: This VSA temporarily alters the Web
authentication client limit to the value contained in the VSA. Values
range from 0 to 256 clients. A zero client limit means this VSA is
disabled. This is an HP proprietary VSA with a value of 12.
■
HP-Port-Auth-Mode-Dot1x
: This VSA temporarily alters the 802.1X
authentication mode to be either port-based or user-based depending
on the value in the VSA. A port-based VSA is set with a value of 1; a
user-based VSA is set with a value of 2. This is an HP proprietary VSA
with a value of 13.
If an 802.1X port is operating in port-based mode, it is invalid to set the
802.1X client limit using the HP-Port-Client-Limit VSA.
N o t e
The changing of the client limits for a port using VSAs is temporary. The
running configuration file is not changed and still displays the client limit and
address limit settings.
Each authentication type may have a unique value for the client limit. If the
value of the VSA is zero, the authentication type corresponding to that VSA
will be disabled.
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......