HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 464
as defined in the, 1X standard, Authentication Server, Authenticator, CHAP MD5, Client
View all HP 6120G/XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 464 highlights
Configuring Port-Based and User-Based Access Control (802.1X) Terminology a port loses its authenticated client connection, it drops its membership in this VLAN. Note that with multiple clients on a port, all such clients use the same untagged, port-based VLAN membership. Authentication Server: The entity providing an authentication service to the switch when the switch is configured to operate as an authenticator. In the case of a switch running 802.1X, this is a RADIUS server (unless local authentication is used, in which case the switch performs this function using its own username and password for authenticating a supplicant). Authenticator: In ProCurve applications, a switch that requires a supplicant to provide the proper credentials before being allowed access to the network. CHAP (MD5): Challenge Handshake Authentication Protocol. Client: In this application, an end-node device such as a management station, workstation, or mobile PC linked to the switch through a point-to-point LAN link. User-Based Authentication: The 802.1X extension in the switches covered in this guide. In this operation, multiple clients on the same port must individually authenticate themselves. Guest VLAN: See "Unauthorized-Client VLAN". EAP (Extensible Authentication Protocol): EAP enables network access that supports multiple authentication methods. EAPOL: Extensible Authentication Protocol Over LAN, as defined in the 802.1X standard. Friendly Client: A client that does not pose a security risk if given access to the switch and your network. MD5: An algorithm for calculating a unique digital signature over a stream of bytes. It is used by CHAP to perform authentication without revealing the shared secret (password). PVID (Port VID): This is the VLAN ID for the untagged VLAN to which an 802.1X port belongs. Port-Based Authentication: In this operation, the first client on a port to authenticate itself unblocks the port for the duration of the client's 802.1X authenticated session. The switches covered in this guide use port-based authentication. 12-8