13-8
Configuring Port-Based and User-Based Access Control (802.1X)
General 802.1X Authenticator Operation
General 802.1X Authenticator Operation
This operation provides security on a point-to-point link between a client and
the switch, where both devices are 802.1X-aware. (If you expect desirable
clients that do not have the necessary 802.1X supplicant software, you can
provide a path for downloading such software by using the 802.1X Open VLAN
mode—refer to “802.1X Open VLAN Mode” on page 13-32.)
Example of the Authentication Process
Suppose that you have configured a port on the switch for 802.1X authentica-
tion operation, which blocks access to the LAN through that port. If you then
connect an 802.1X-aware client (supplicant) to the port and attempt to log on:
1.
The switch responds with an identity request.
2.
The client responds with a user name that uniquely defines this request
for the client.
3.
The switch responds in one of the following ways:
•
If 802.1X on the switch is configured for RADIUS authentication, the
switch then forwards the request to a RADIUS server.
i.
The server responds with an access challenge which the switch
forwards to the client.
ii.
The client then provides identifying credentials (such as a user
certificate), which the switch forwards to the RADIUS server.
iii. The RADIUS server then checks the credentials provided by the
client.
iv. If the client is successfully authenticated and authorized to con-
nect to the network, then the server notifies the switch to allow
access to the client. Otherwise, access is denied and the port
remains blocked.
•
If 802.1X on the switch is configured for local authentication, then:
i.
The switch compares the client’s credentials to the username and
password configured in the switch (Operator level).
ii.
If the client is successfully authenticated and authorized to con-
nect to the network, then the switch allows access to the client.
Otherwise, access is denied and the port remains blocked for that
client.
Содержание HP ProCurve Series 6600
Страница 2: ......
Страница 6: ...iv ...
Страница 26: ...xxiv ...
Страница 102: ...2 48 Configuring Username and Password Security Password Recovery ...
Страница 204: ...4 72 Web and MAC Authentication Client Status ...
Страница 550: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Страница 612: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Страница 734: ...14 44 Configuring and Monitoring Port Security Operating Notes for Port Security ...
Страница 756: ...16 8 Key Management System Configuring Key Chain Management ...
Страница 776: ...20 Index web server proxy 14 42 webagent access 6 6 wildcard See ACL wildcard See ACL ...
Страница 777: ......