R3303-HP 6600/HSR6600 Routers Security Configuration Guide
ii
Initiating 802.1X authentication ··································································································································· 77
802.1X client as the initiator································································································································ 77
Access device as the initiator ······························································································································· 77
802.1X authentication procedures ······························································································································ 78
A comparison of EAP relay and EAP termination ······························································································ 79
EAP relay ································································································································································ 79
EAP termination ····················································································································································· 81
Configuring 802.1X ·················································································································································· 83
HP implementation of 802.1X ······································································································································ 83
Access control methods ········································································································································ 83
Using 802.1X authentication with other features ······························································································ 83
Configuration prerequisites ··········································································································································· 87
802.1X configuration task list ······································································································································· 87
Enabling 802.1X ···························································································································································· 88
Enabling EAP relay or EAP termination ······················································································································· 89
Setting the port authorization state ······························································································································ 89
Specifying an access control method ·························································································································· 90
Setting the maximum number of concurrent 802.1X users on a port ······································································· 90
Setting the maximum number of authentication request attempts ············································································· 91
Setting the 802.1X authentication timeout timers ······································································································· 91
Configuring the online user handshake function ········································································································ 92
Configuration guidelines ······································································································································ 92
Configuration procedure ······································································································································ 92
Enabling the proxy detection function ························································································································· 93
Configuring the authentication trigger function ·········································································································· 93
Configuration guidelines ······································································································································ 94
Configuration procedure ······································································································································ 94
Specifying a mandatory authentication domain on a port ························································································ 94
Configuring the quiet timer ··········································································································································· 95
Enabling the periodic online user re-authentication function ····················································································· 95
Configuring an 802.1X guest VLAN ··························································································································· 96
Configuring an Auth-Fail VLAN ···································································································································· 96
Configuring an 802.1X critical VLAN ························································································································· 97
Specifying supported domain name delimiters ··········································································································· 98
Displaying and maintaining 802.1X ··························································································································· 99
802.1X authentication configuration example ··········································································································· 99
Network requirements ··········································································································································· 99
Configuration procedure ······································································································································ 99
Verifying the configuration ································································································································· 101
802.1X guest VLAN and VLAN assignment configuration example ······································································ 101
Network requirements ········································································································································· 101
Configuration procedure ···································································································································· 102
Verifying the configuration ································································································································· 103
802.1X with ACL assignment configuration example ····························································································· 104
Network requirements ········································································································································· 104
Configuration procedure ···································································································································· 104
Verifying the configuration ································································································································· 105
Configuring EAD fast deployment ························································································································· 106
Overview ······································································································································································· 106
Free IP ··································································································································································· 106
URL redirection ····················································································································································· 106
Configuration prerequisites ········································································································································· 106
Configuring a free IP ··················································································································································· 106