HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 88
MAC Authentication, Concurrent Web and MAC Authentication
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 88 highlights
Web and MAC Authentication Overview Note ■ In the login page, a client enters a username and password, which the switch forwards to a RADIUS server for authentication. After authen ticating a client, the switch grants access to the secured network. Besides a web browser, the client needs no special supplicant soft ware. MAC Authentication The MAC Authentication (MAC-Auth) method grants access to a secure network by authenticating devices for access to the network. When a device connects to the switch, either by direct link or through the network, the switch forwards the device's MAC address to the RADIUS server for authentication. The RADIUS server uses the device MAC address as the username and password, and grants or denies network access in the same way that it does for clients capable of interactive logons. (The process does not use either a client device configuration or a logon session.) MAC authentication is wellsuited for clients that are not capable of providing interactive logons, such as telephones, printers, and wireless access points. Also, because most RADIUS servers allow for authentication to depend on the source switch and port through which the client connects to the network, you can use MAC-Auth to "lock" a particular device to a specific switch and port. 802.1X port-access, Web authentication, and MAC authentication can be configured at the same time on the same port. A maximum of 32 clients is supported on the port. (The default is one client.) Web and/or MAC authentication and MAC lockdown, MAC lockout, and portsecurity are mutually exclusive on a given port. If you configure any of these authentication methods on a port, you must disable LACP on the port. Concurrent Web and MAC Authentication Web authentication and MAC authentication can be configured at the same time on a port. It is assumed that MAC authentication will use an existing MAC address. The following conditions apply for concurrent Web and MAC authen tication: ■ A specific MAC address cannot be authenticated by both Web and MAC authentication at the same time. 3-4