HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 485
Example: Configuring 802.1X Controlled Directions, Unauthenticated VLAN Access (Guest VLAN Access)
View all HP 6120G/XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 485 highlights
Configuring Port-Based and User-Based Access Control (802.1X) Configuring Switch Ports as 802.1X Authenticators Because a port can be configured for more than one type of authentication to protect the switch from unauthorized access, the last setting you configure with the aaa port-access controlled-directions command is applied to all authentication methods configured on the switch. For information about how to configure and use MAC and Web authentication, refer to chapter 3, "Web and MAC Authentication". ■ To display the currently configured 802.1X Controlled Directions value, enter the show port-access authenticator config command as shown in Figure 12-12. ■ When an 802.1X-authenticated port is configured with the controlleddirections in setting, eavesdrop prevention is not supported on the port. Example: Configuring 802.1X Controlled Directions The following example shows how to enable the transmission of Wake-onLAN traffic in the egress direction on an 802.1X-aware port before it transitions to the 802.1X authenticated state and successfully authenticates a client device. ProCurve(config)# aaa port-access authenticator a10 ProCurve(config)# aaa authentication port-access eap-radius ProCurve(config)# aaa port-access authenticator active ProCurve(config)# aaa port-access a10 controlled-directions in Figure 12-7. Example of Configuring 802.1X Controlled Directions Unauthenticated VLAN Access (Guest VLAN Access) When a PC is connected through an IP phone to a switch port that has been authorized using 802.1X or Web/MAC authentication, the IP phone is authen ticated using client-based 802.1X or Web/MAC authentication and has access to secure, tagged VLANs on the port. If the PC is unauthenticated, it needs to have access to the insecure guest VLAN (unauthenticated VLAN) that has been configured for 802.1X or Web/MAC authentication. 802.1X and Web/MAC authentication normally do not allow authenticated clients (the phone) and unauthenticated clients (the PC) on the same port. Mixed port access mode allows 802.1X and Web/MAC authenticated and unauthenticated clients on the same port when the guest VLAN is the same as the port's current untagged authenticated VLAN for authenticated clients, or 12-29