HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 84
Configuring 802.1X, HP implementation of 802.1X, Access control methods
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 84 highlights
Configuring 802.1X This chapter describes how to configure 802.1X on an HP device. You can also configure the port security feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication. It applies to a network that requires different authentication methods for different users on a port. Port security is beyond the scope of this chapter. It is described in "Port security configuration." HP implementation of 802.1X Access control methods HP implements port-based access control as defined in the 802.1X protocol, and extends the protocol to support MAC-based access control. • Port-based access control-Once an 802.1X user passes authentication on a port, any subsequent user can access the network through the port without authentication. When the authenticated user logs off, all other users are logged off. • MAC-based access control-Each user is separately authenticated on a port. When a user logs off, no other online users are affected. Using 802.1X authentication with other features VLAN assignment You can configure the authentication server to assign a VLAN for an 802.1X user that has passed authentication. The way that the network access device handles VLANs on an 802.1X-enabled port differs by 802.1X access control mode. For more information about VLAN configuration and MAC-based VLAN, see Layer 2-LAN Switching Configuration Guide. Access control Port-based MAC-based VLAN manipulation Assigns the VLAN to the port as the port VLAN ID (PVID). All subsequent 802.1X users can access the port VLAN without authentication. When the user logs off, the previous PVID restores, and all other online users are logged off. • If the port is a hybrid port with MAC-based VLAN enabled, maps the MAC address of each user to the VLAN assigned by the authentication server. The PVID of the port does not change. When a user logs off, the MAC-to-VLAN mapping for the user is removed. • If the port is an access, trunk, or MAC-based VLAN disabled hybrid port, assigns the first authenticated user's VLAN to the port as the PVID. If a different VLAN is assigned to a subsequent user, the user cannot pass the authentication. To avoid the authentication failure of subsequent users, be sure to assign the same VLAN to all 802.1X users on these ports. 74