13-69
Configuring Port-Based and User-Based Access Control (802.1X)
How RADIUS/802.1X Authentication Affects VLAN Operation
supplicant port to another without clearing the statistics data from the first
port, the authenticator’s MAC address will appear in the supplicant statistics
for both ports.
How RADIUS/802.1X Authentication
Affects VLAN Operation
Static VLAN Requirement.
RADIUS authentication for an 802.1X client on
a given port can include a (static) VLAN requirement. (Refer to the documen-
tation provided with your RADIUS application.) The static VLAN to which a
RADIUS server assigns a client must already exist on the switch. If it does not
exist or is a dynamic VLAN (created by GVRP), authentication fails. Also, for
the session to proceed, the port must be an untagged member of the required
VLAN. If it is not, the switch temporarily reassigns the port as described below.
If the Port Used by the Client Is Not Configured as an Untagged
Member of the Required Static VLAN:
When a client is authenticated on
port “N”, if port “N” is not already configured as an untagged member of the
static VLAN specified by the RADIUS server, then the switch temporarily
assigns port “N” as an untagged member of the required VLAN (for the duration
of the 802.1X session).
At the same time, if port “N” is already configured as
an untagged member of another VLAN, port “N” loses access to that other
VLAN for the duration of the session.
(This is because a port can be an
untagged member of only one VLAN at a time.)
Using a RADIUS server to authenticate clients, you can provide port-level
security protection from unauthorized network access for the following
authentication methods:
■
802.1X: Port-based or client-based access control to open a port for client
access after authenticating valid user credentials.
■
MAC address: Authenticates a device’s MAC address to grant access to
the network.
■
WebAgent: Authenticates clients for network access using a web page for
user login.
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......