HP MSR1003-8 AC Router : R2511-HP MSR Router Series Security Configuration Guide(V5) : Page 4

ii

802.1X overview ······················································································································································· 80

802.1X architecture ······················································································································································· 80

Controlled/uncontrolled port and port authorization status ······················································································ 80

802.1X-related protocols ·············································································································································· 81

Packet formats ························································································································································ 82

EAP over RADIUS ·················································································································································· 83

Initiating 802.1X authentication ··································································································································· 83

802.1X client as the initiator································································································································ 83

Access device as the initiator ······························································································································· 84

802.1X authentication procedures ······························································································································ 84

Comparing EAP relay and EAP termination ······································································································· 85

EAP relay ································································································································································ 85

EAP termination ····················································································································································· 86

Configuring 802.1X ·················································································································································· 88

HP implementation of 802.1X ······································································································································ 88

Access control methods ········································································································································ 88

Using 802.1X authentication with other features ······························································································ 88

Configuration prerequisites ··········································································································································· 91

802.1X configuration task list ······································································································································· 91

Enabling 802.1X ···························································································································································· 92

Enabling EAP relay or EAP termination ······················································································································· 92

Setting the port authorization state ······························································································································ 93

Specifying an access control method ·························································································································· 94

Setting the maximum number of concurrent 802.1X users on a port ······································································· 94

Setting the maximum number of authentication request attempts ············································································· 95

Setting the 802.1X authentication timeout timers ······································································································· 95

Configuring the online user handshake function ········································································································ 95

Configuration guidelines ······································································································································ 96

Configuration procedure ······································································································································ 96

Enabling the proxy detection function ························································································································· 96

Configuring the authentication trigger function ·········································································································· 97

Configuration guidelines ······································································································································ 97

Configuration procedure ······································································································································ 98

Specifying a mandatory authentication domain on a port ························································································ 98

Configuring the quiet timer ··········································································································································· 98

Enabling the periodic online user re-authentication function ····················································································· 99

Configuring an 802.1X guest VLAN ··························································································································· 99

Configuration guidelines ······································································································································ 99

Configuration prerequisites ································································································································ 100

Configuration procedure ···································································································································· 100

Configuring an Auth-Fail VLAN ·································································································································· 100

Configuration guidelines ···································································································································· 100

Configuration prerequisites ································································································································ 100

Configuration procedure ···································································································································· 101

Configuring an 802.1X critical VLAN ······················································································································· 101

Configuration guidelines ···································································································································· 101

Configuration prerequisites ································································································································ 101

Configuration procedure ···································································································································· 101

Specifying supported domain name delimiters ········································································································· 102

Displaying and maintaining 802.1X ························································································································· 102

802.1X authentication configuration example ········································································································· 103

Network requirements ········································································································································· 103

Configuration procedure ···································································································································· 103

Verifying the configuration ································································································································· 105