R211x-HP FlexFabric 11900 Security Configuration Guide

802.1X overview
  802.1X architecture
  Controlled/uncontrolled port and port authorization status
  802.1X-related protocols
    Packet formats
    EAP over RADIUS
  Initiating 802.1X authentication
    802.1X client as the initiator
    Access device as the initiator
  802.1X authentication procedures
    Comparing EAP relay and EAP termination
    EAP relay
    EAP termination
Configuring 802.1X
  HP implementation of 802.1X
  Configuration prerequisites
  802.1X configuration task list
  Enabling 802.1X
  Enabling EAP relay or EAP termination
  Setting the port authorization state
  Specifying an access control method
  Setting the maximum number of concurrent 802.1X users on a port
  Setting the maximum number of authentication request attempts
  Setting the 802.1X authentication timeout timers
  Configuring the online user handshake function
  Configuring the authentication trigger function
    Configuration guidelines
    Configuration procedure
  Specifying a mandatory authentication domain on a port
  Configuring the quiet timer
  Enabling the periodic online user re-authentication function
  Displaying and maintaining 802.1X
  802.1X authentication configuration example
    Network requirements
    Configuration procedure
    Verifying the configuration
Configuring MAC authentication
  Overview
    User account policies
    Authentication methods
  Configuration prerequisites
  Configuration task list
  Enabling MAC authentication
  Specifying a MAC authentication domain
  Configuring the user account format
  Configuring MAC authentication timers
  Setting the maximum number of concurrent MAC authentication users on a port
  Configuring MAC authentication delay
  Displaying and maintaining MAC authentication
  MAC authentication configuration examples
    Local MAC authentication configuration example
    RADIUS-based MAC authentication configuration example