Configuring Port-Based and User-Based Access Control (802.1X)
Terminology
a port loses its authenticated client connection, it drops its membership
in this VLAN. Note that with multiple clients on a port, all such clients use
the same untagged, port-based VLAN membership.
Authentication Server:
The entity providing an authentication service to
the switch when the switch is configured to operate as an authenticator.
In the case of a switch running 802.1X, this is a RADIUS server (unless
local authentication is used, in which case the switch performs this
function using its own username and password for authenticating a
supplicant).
Authenticator:
In ProCurve applications, a switch that requires a supplicant
to provide the proper credentials before being allowed access to the
network.
CHAP (MD5):
Challenge Handshake Authentication Protocol.
Client:
In this application, an end-node device such as a management station,
workstation, or mobile PC linked to the switch through a point-to-point
LAN link.
User-Based Authentication:
The 802.1X extension in the switches covered
in this guide. In this operation, multiple clients on the same port must
individually authenticate themselves.
Guest VLAN:
See “Unauthorized-Client VLAN”.
EAP
(Extensible Authentication Protocol)
:
EAP enables network access that
supports multiple authentication methods.
EAPOL:
Extensible Authentication Protocol Over LAN,
as defined in the
802.1X standard
.
Friendly Client:
A client that does not pose a security risk if given access to
the switch and your network.
MD5:
An algorithm for calculating a unique digital signature over a stream of
bytes. It is used by CHAP to perform authentication without revealing the
shared secret (password).
PVID (Port VID):
This is the VLAN ID for the untagged VLAN to which an
802.1X port belongs.
Port-Based Authentication:
In this operation, the first client on a port to
authenticate itself unblocks the port for the duration of the client’s 802.1X
authenticated session. The switches covered in this guide use port-based
authentication.
12-7
Содержание PROCURVE 2910AL
Страница 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Страница 2: ......
Страница 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Страница 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Страница 156: ...TACACS Authentication Operating Notes 4 30 ...
Страница 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Страница 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Страница 516: ...Configuring Port Based and User Based Access Control 802 1X Messages Related to 802 1X Operation 12 76 ...
Страница 527: ...Configuring and Monitoring Port Security Port Security Figure 13 4 Examples of Show Mac Address Outputs 13 11 ...
Страница 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Страница 592: ...12 Index ...
Страница 593: ......
Страница 594: ... Copyright 2009 Hewlett Packard Development Company L P February 2009 Manual Part Number 5992 5439 ...