Configuring Port-Based and User-Based Access Control (802.1X)
Overview
• Port-Based access control option allowing authentication by a single client to open the port. This option does not force a client limit and, on a port opened by an authenticated client, allows unlimited client access without requiring further authentication.
• Supplicant implementation using CHAP authentication and independent user credentials on each port.
■ The local operator password configured with the password command for management access to the switch is no longer accepted as an 802.1X authenticator credential. The password port-access command configures the local operator username and password used as 802.1X authentication credentials for access to the switch. The values configured can be stored in a configuration file using the include-credentials command. For information about the password port-access command, see “Before You Configure 802.1X Operation” on page 12-15.
■ On-demand change of a port’s configured VLAN membership status to support the current client session.
■ Session accounting with a RADIUS server, including the accounting update interval.
■ Use of Show commands to display session counters.
■ Support for concurrent use of 802.1X and either Web authentication or MAC authentication on the same port.
■ For unauthenticated clients that do not have the necessary 802.1X supplicant software (or for other reasons related to unauthenticated clients), there is the option to configure an Unauthorized-Client VLAN. This mode allows you to assign unauthenticated clients to an isolated VLAN through which you can provide the necessary supplicant software and/or other services you want to extend to these clients.
User Authentication Methods
The switch offers two methods for using 802.1X access control. Generally, the
“Port Based” method supports one 802.1X-authenticated client on a port,
which opens the port to an unlimited number of clients. The “User-Based”
method supports up to eight 802.1X-authenticated clients on a port. In both
cases, there are operating details to be aware of that can influence your choice
of methods.
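The following configuration sketch contrasts the two methods on adjacent ports. It is an added example, not taken from this guide. The port numbers, VLAN ID 100, RADIUS server address, and shared-secret placeholder are assumptions, and the commands are ProCurve CLI syntax that does not appear on this page.

```text
; Constructed example: ports 1 and 2, VLAN 100, 10.0.0.10 and the key are placeholders.

; Authenticate 802.1X clients against a RADIUS server
radius-server host 10.0.0.10 key <shared-secret>
aaa authentication port-access eap-radius

; Port 1, Port-Based: no client limit is enforced, so the first
; authenticated client opens the port to every device behind it
aaa port-access authenticator 1
no aaa port-access authenticator 1 client-limit

; Port 2, User-Based: each client (up to eight) must authenticate
; with its own credentials before it gains LAN access
aaa port-access authenticator 2
aaa port-access authenticator 2 client-limit 8

; Place unauthenticated clients on port 2 in an isolated
; Unauthorized-Client VLAN (assumed here to be VLAN 100)
aaa port-access authenticator 2 unauth-vid 100

; Activate 802.1X on the configured ports
aaa port-access authenticator active

; Review the resulting per-port authenticator settings
show port-access authenticator
```

Where a port may sit behind a hub or unmanaged switch, the User-Based setting on port 2 is the one that keeps unauthenticated devices from sharing an already opened port.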
802.1X User-Based Access Control
802.1X operation with access control on a per-user basis provides client-level
security that allows LAN access to individual 802.1X clients (up to eight per
port), where each client gains access to the LAN by entering valid user