Configuring Port-Based and User-Based Access Control (802.1X)
Terminology
This operation unblocks the port while an authenticated client session is in
progress. In topologies where simultaneous, multiple client access is possible
this can allow unauthorized and unauthenticated access by another client
while an authenticated client is using the port. If you want to allow only
authenticated clients on the port, then user-based access control (page 12-4)
should be used instead of port-based access control. Using the user-based
method enables you to specify up to eight authenticated clients.
N o t e
Port-Based 802.1X can operate concurrently with Web-Authentication or
MAC-Authentication on the same port. However, this is not a commonly used
application and is not generally recommended. For more information, refer
to the operating note on page 12-13.
Alternative To Using a RADIUS Server
Note that you can also configure 802.1X for authentication through the
switch’s local username and password instead of a RADIUS server, but doing
so increases the administrative burden, decentralizes user credential admin
istration, and reduces security by limiting authentication to one Operator
password set for all users.
Accounting
The switches covered in this guide also provide RADIUS Network accounting
for 802.1X access. Refer to chapter 5, “RADIUS-Administered CoS and Rate-
Limiting”.
Terminology
802.1X-Aware:
Refers to a device that is running either 802.1X authenticator
software or 802.1X client software and is capable of interacting with other
devices on the basis of the IEEE 802.1X standard.
Authorized-Client VLAN:
Like the Unauthorized-Client VLAN, this is a
conventional, static VLAN previously configured on the switch by the
System Administrator. The intent in using this VLAN is to provide authen
ticated clients with network services that are not available on either the
port’s statically configured VLAN memberships or any VLAN member
ships that may be assigned during the RADIUS authentication process.
While an 802.1X port is a member of this VLAN, the port is untagged. When
12-6
Summary of Contents for PROCURVE 2910AL
Page 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Page 2: ......
Page 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Page 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Page 156: ...TACACS Authentication Operating Notes 4 30 ...
Page 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Page 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Page 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Page 592: ...12 Index ...
Page 593: ......