HP HSR68xx Configure-to-Order Router Solution : R3303-HP HSR6800 Routers Security Configuration Guide : Page 4

ii

802.1X client as the initiator································································································································ 76

Access device as the initiator ······························································································································· 77

802.1X authentication procedures ······························································································································ 77

A comparison of EAP relay and EAP termination ······························································································ 78

EAP relay ································································································································································ 78

EAP termination ····················································································································································· 80

Configuring 802.1X ·················································································································································· 82

HP implementation of 802.1X ······································································································································ 82

Access control methods ········································································································································ 82

Using 802.1X authentication with other features ······························································································ 82

Configuration prerequisites ··········································································································································· 86

802.1X configuration task list ······································································································································· 87

Enabling 802.1X ···························································································································································· 87

Enabling EAP relay or EAP termination ······················································································································· 88

Setting the port authorization state ······························································································································ 88

Specifying an access control method ·························································································································· 89

Setting the maximum number of concurrent 802.1X users on a port ······································································· 89

Setting the maximum number of authentication request attempts ············································································· 90

Setting the 802.1X authentication timeout timers ······································································································· 90

Configuring the online user handshake function ········································································································ 91

Configuration guidelines ······································································································································ 91

Configuration procedure ······································································································································ 91

Enabling the proxy detection function ························································································································· 92

Configuring the authentication trigger function ·········································································································· 92

Configuration guidelines ······································································································································ 93

Configuration procedure ······································································································································ 93

Specifying a mandatory authentication domain on a port ························································································ 93

Configuring the quiet timer ··········································································································································· 94

Enabling the periodic online user re-authentication function ····················································································· 94

Configuring an 802.1X guest VLAN ··························································································································· 95

Configuring an Auth-Fail VLAN ···································································································································· 95

Configuring an 802.1X critical VLAN ························································································································· 96

Specifying supported domain name delimiters ··········································································································· 97

Displaying and maintaining 802.1X ··························································································································· 97

802.1X authentication configuration example ··········································································································· 98

Network requirements ··········································································································································· 98

Configuration procedure ······································································································································ 98

Verifying the configuration ································································································································· 100

802.1X guest VLAN and VLAN assignment configuration example ······································································ 100

Network requirements ········································································································································· 100

Configuration procedure ···································································································································· 101

Verifying the configuration ································································································································· 102

802.1X with ACL assignment configuration example ····························································································· 103

Network requirements ········································································································································· 103

Configuration procedure ···································································································································· 103

Verifying the configuration ································································································································· 104

Configuring EAD fast deployment ························································································································· 105

Overview ······································································································································································· 105

Free IP ··································································································································································· 105

URL redirection ····················································································································································· 105

Configuration prerequisites ········································································································································· 105

Configuring a free IP ··················································································································································· 105

Configuring the redirect URL ······································································································································· 106