HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 96
Operating Rules and Notes, Port Access, Management
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 96 highlights
Web and MAC Authentication Operating Rules and Notes Port Access Management Operating Rules and Notes ■ The switch supports concurrent 802.1X , Web and MAC authentication operation on a port (with up to 2 clients allowed). However, concur rent operation of Web and MAC authentication with other types of authentication on the same port is not supported. That is, the following authentication types are mutually exclusive on a given port: • Web and/or MAC Authentication (with or without 802.1X) • MAC lockdown • MAC lockout • Port-Security ■ Order of Precedence for Port Access Management (highest to lowest): a. MAC lockout b. MAC lockdown or Port Security c. Port-based Access Control (802.1X) or Web Authentication or MAC Authentication When configuring a port for Web or MAC Authentication, be sure that a higher precedent port access management feature is not enabled on the port. For example, be sure that Port Security is disabled on a port before configuring the port for Web or MAC Authentication. If Port Security is enabled on the port this misconfiguration does not allow Web or MAC Authentication to occur. ■ VLANs: If your LAN does not use multiple VLANs, then you do not need to configure VLAN assignments in your RADIUS server or consider using either Authorized or Unauthorized VLANs. If your LAN does use multiple VLANs, then some of the following factors may apply to your use of Web-Auth and MAC-Auth. • Web-Auth and MAC-Auth operate only with port-based VLANs. Oper ation with protocol VLANs is not supported, and clients do not have access to protocol VLANs during Web-Auth and MAC-Auth sessions. • A port can belong to one, untagged VLAN during any client session. Where multiple authenticated clients may simultaneously use the same port, they must all be capable of operating on the same VLAN. • During an authenticated client session, the following hierarchy deter mines a port's VLAN membership: 3-12