HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 139
Configuring the macAddressElseUserLoginSecure mode, Network requirements, Configuration procedure
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 139 highlights
802.1X Multicast-trigger is enabled Mandatory authentication domain: NOT configured Guest VLAN: NOT configured Auth-Fail VLAN: NOT configured Critical VLAN: NOT configured Critical recovery-action: NOT configured Max number of on-line users is 2048 EAPOL Packet: Tx 16331, Rx 102 Sent EAP Request/Identity Packets : 16316 EAP Request/Challenge Packets: 6 EAP Success Packets: 4, Fail Packets: 5 Received EAPOL Start Packets : 6 EAPOL LogOff Packets: 2 EAP Response/Identity Packets : 80 EAP Response/Challenge Packets: 6 Error Packets: 0 1. Authenticated user : MAC address: 0002-0000-0011 Controlled User(s) amount to 1 In addition, the port allows an additional user whose MAC address has an OUI among the specified OUIs to access the port. # Display MAC address information for interface GigabitEthernet 1/0/1. display mac-address interface gigabitethernet 1/0/1 MAC ADDR VLAN ID STATE PORT INDEX 1234-0300-0011 1 Learned GigabitEthernet1/0/1 AGING TIME(s) AGING --- 1 mac address(es) found --- Configuring the macAddressElseUserLoginSecure mode Network requirements As shown in Figure 41, a client is connected to the Device through GigabitEthernet 1/0/1. The Device authenticates the client by a RADIUS server. If the authentication succeeds, the client is authorized to access the Internet. Restrict port GigabitEthernet 1/0/1 of the Device: • Allow more than one MAC authenticated user to log on. • For 802.1X users, perform MAC authentication first and then, if MAC authentication fails, 802.1X authentication. Allow only one 802.1X user to log on. • Use MAC-based user accounts for MAC authentication users. The MAC addresses are hyphen separated and in lower case. • Set the total number of MAC authenticated users and 802.1X authenticated users to 64. • Enable NTK to prevent frames from being sent to unknown MAC addresses. Configuration procedure Configurations on the host and RADIUS servers are not shown. 129