HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 350
B. Specify User-Based Authentication or Return to Port, Based Authentication
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 350 highlights
Configuring Port-Based and User-Based Access Control (802.1X) Configuring Switch Ports as 802.1X Authenticators B. Specify User-Based Authentication or Return to PortBased Authentication User-Based 802.1X Authentication. Syntax: aaa port-access authenticator client-limit < port-list > < 1 - 32 > Used after executing aaa port-access authenticator < port-list > (above) to convert authentication from port-based to userbased. Specifies user-based 802.1X authentication and the maximum number of 802.1X-authenticated client sessions allowed on each of the ports in < port-list >. If a port currently has no authenticated client sessions, the next authenticated client session the port accepts determines the untagged VLAN membership to which the port is assigned during the session. If another client session begins later on the same port while an earlier session is active, the later session will be on the same untagged VLAN membership as the earlier session. Note: Because a switch allows 802.1X authentication and Web or MAC authentication to co-exist on the same port, the sum of authenticated client sessions allowed on a given port for both 802.1X and either Web- or MAC-authentication cannot exceed 32. Port-Based 802.1X Authentication. no aaa port-access authenticator client-limit Used to convert a port from user-based authentication to port-based authentication, which is the default setting for ports on which authentication is enabled. (Executing aaa port-access authenticator < port-list > enables 802.1X authentication on < port-list > and enables port-based authentication-page 10-19.) If a port currently has no authenticated client sessions, the next authenticated client session the port accepts determines the untagged VLAN membership to which the port is assigned during the session. If another authenticated client session begins later on the same port while an earlier session is active, the later session replaces the currently active session and will be on the untagged VLAN membership specified by the RADIUS server for the later session. 10-20