3-4
Web and MAC Authentication
Overview
General Features
Web and MAC Authentication includes the following:
■
On a port configured for Web or MAC Authentication, the switch
operates as a port-access authenticator using a RADIUS server and
CHAP (Challenge Handshake AuthenticationProtocol). Inbound
traffic is processed by the switch alone, until authentication occurs.
Some traffic from the switch is available to an unauthorized client (for
example, broadcast or unknown destination packets) before authen-
tication occurs.
■
Proxy servers may not be used by browsers accessing the switch
through ports using Web Authentication.
■
You can optionally configure the switch to temporarily assign “autho-
rized” and “unauthorized” VLAN memberships on a per-port basis to
provide different services and access to authenticated and unauthen-
ticated clients.
■
Web pages for username and password entry and the display of
authorization status are provided when using Web Authentication.
■
You can use the RADIUS server to temporarily assign a port to a static
VLAN to support an authenticated client. When a RADIUS server
authenticates a client, the switch-port membership during the client’s
connection is determined according to the following hierarchy:
1.
A RADIUS-assigned VLAN
2.
An authorized VLAN specified in the Web- or MAC-Auth configuration
for the subject port.
3.
A static, port-based, untagged VLAN to which the port is configured.
A RADIUS-assigned VLAN has priority over switch-port membership
in any VLAN.
■
You can allow wireless clients to move between switch ports under
Web/MAC Authentication control. Clients may move from one Web
authorized port to another or from one MAC authorized port to
another. This capability allows wireless clients to move from one
access point to another without having to reauthenticate.
■
Unlike 802.1X operation, clients do not need supplicant software for
Web or MAC Authentication; only a Web browser (for Web Authenti-
cation) or a MAC address (for MAC Authentication).
■
You can use “Show” commands to display session status and port-
access configuration settings.
Summary of Contents for ProCurve 2510-24
Page 1: ...Access Security Guide 2510 www procurve com ProCurve Switches Q 11 XX 2510 24 U 11 XX 2510 48 ...
Page 2: ......
Page 3: ...ProCurve Series 2510 Switches Access Security Guide July 2008 ...
Page 26: ...1 10 Getting Started Need Only a Quick Start ...
Page 104: ...4 30 TACACS Authentication Configuring TACACS on the Switch ...
Page 144: ...5 40 RADIUS Authentication Authorization and Accounting Messages Related to RADIUS Operation ...
Page 174: ...6 30 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 196: ...7 22 Configuring Secure Socket Layer SSL Common Errors in SSL Setup ...
Page 294: ...9 40 Configuring and Monitoring Port Security Configuring Protected Ports ...
Page 308: ...10 14 Using Authorized IP Managers Operating Notes ...
Page 316: ...8 Index ...
Page 317: ......