HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 334
User Authentication Methods, 802.1X User-Based Access Control
Page 334 highlights
Configuring Port-Based and User-Based Access Control (802.1X)
Overview

• Port-Based access control option allowing authentication by a single client to open the port. This option does not force a client limit and, on a port opened by an authenticated client, allows unlimited client access without requiring further authentication.
• Supplicant implementation using CHAP authentication and independent user credentials on each port.
■ The local operator password configured with the password command for management access to the switch is no longer accepted as an 802.1X authenticator credential. The password port-access command configures the local operator username and password used as 802.1X authentication credentials for access to the switch. The values configured can be stored in a configuration file using the include-credentials command. For information about the password port-access command, see "Do These Steps Before You Configure 802.1X Operation" on page 10-14.
■ On-demand change of a port's configured VLAN membership status to support the current client session.
■ Session accounting with a RADIUS server, including the accounting update interval.
■ Use of Show commands to display session counters.
■ Support for concurrent use of 802.1X and either Web authentication or MAC authentication on the same port.
■ For unauthenticated clients that do not have the necessary 802.1X supplicant software (or for other reasons related to unauthenticated clients), there is the option to configure an Unauthorized-Client VLAN. This mode allows you to assign unauthenticated clients to an isolated VLAN through which you can provide the necessary supplicant software and/or other services you want to extend to these clients.

User Authentication Methods

The switch offers two methods for using 802.1X access control. Generally, the "Port Based" method supports one 802.1X-authenticated client on a port, which opens the port to an unlimited number of clients. The "User-Based" method supports up to 32 802.1X-authenticated clients on a port. In both cases, there are operating details to be aware of that can influence your choice of methods.

802.1X User-Based Access Control

802.1X operation with access control on a per-user basis provides client-level security that allows LAN access to individual 802.1X clients (up to 32 per port), where each client gains access to the LAN by entering valid user credentials.

10-4
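The difference between the two methods described above can be seen in a small model. This is an added example, not code from the guide or from the switch software; the class, function names and MAC addresses are constructed for illustration, and the model covers only the admission decision (no Unauthorized-Client VLAN, RADIUS or accounting).

```python
from dataclasses import dataclass, field

USER_BASED_MAX = 32  # per-port ceiling for User-Based mode, as stated in the guide


@dataclass
class Port:
    """Simplified model of one 802.1X authenticator port (assumption, not firmware)."""
    user_based: bool
    client_limit: int = USER_BASED_MAX
    authenticated: set = field(default_factory=set)

    def __post_init__(self):
        if self.user_based and not 1 <= self.client_limit <= USER_BASED_MAX:
            raise ValueError("user-based client limit must be 1..32")

    def authenticate(self, mac: str, credentials_ok: bool) -> bool:
        """Record the outcome of one client's 802.1X exchange."""
        if not credentials_ok:
            return False
        full = len(self.authenticated) >= self.client_limit
        if self.user_based and mac not in self.authenticated and full:
            return False  # User-Based: no session slots left on this port
        self.authenticated.add(mac)
        return True

    def forwards(self, mac: str) -> bool:
        """Would traffic from this source MAC be allowed onto the LAN?"""
        if self.user_based:
            return mac in self.authenticated  # each client needs its own session
        return bool(self.authenticated)       # Port-Based: one success opens the port


def piggyback_exposure(port: Port, macs_seen: list) -> list:
    """MACs that reach the LAN without having authenticated themselves."""
    return [m for m in macs_seen
            if port.forwards(m) and m not in port.authenticated]


if __name__ == "__main__":
    seen = ["00:00:5e:00:53:01", "00:00:5e:00:53:02"]  # constructed sample MACs
    for user_based in (False, True):
        port = Port(user_based=user_based)
        port.authenticate(seen[0], credentials_ok=True)
        mode = "User-Based" if user_based else "Port-Based"
        print(mode, "unauthenticated but forwarded:", piggyback_exposure(port, seen))
```

On a Port-Based port, any device sharing the port behind an authenticated client shows up in the exposure list, which is the case to weigh when the port connects to a hub, an unmanaged switch or a wall jack in a shared space.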