HP MSR3024 TAA-compliant AC Router : HP MSR2000/3000/4000 Router Series Security Configuration Guide : Page 4

ii

802.1X client as the initiator································································································································ 53

Access device as the initiator ······························································································································· 54

802.1X authentication procedures ······························································································································ 54

A comparison of EAP relay and EAP termination ······························································································ 55

EAP relay ································································································································································ 55

EAP termination ····················································································································································· 57

Configuring 802.1X ·················································································································································· 59

HP implementation of 802.1X ······································································································································ 59

Configuration prerequisites ··········································································································································· 59

802.1X configuration task list ······································································································································· 59

Enabling 802.1X ···························································································································································· 60

Enabling EAP relay or EAP termination ······················································································································· 60

Setting the port authorization state ······························································································································ 61

Specifying an access control method ·························································································································· 61

Setting the maximum number of concurrent 802.1X users on a port ······································································· 61

Setting the maximum number of authentication request attempts ············································································· 62

Setting the 802.1X authentication timeout timers ······································································································· 62

Configuring the online user handshake function ········································································································ 63

Configuring the authentication trigger function ·········································································································· 63

Configuration guidelines ······································································································································ 63

Configuration procedure ······································································································································ 64

Specifying a mandatory authentication domain on a port ························································································ 64

Configuring the quiet timer ··········································································································································· 64

Enabling the periodic online user re-authentication function ····················································································· 65

Displaying and maintaining 802.1X ··························································································································· 65

802.1X authentication configuration example ··········································································································· 66

Network requirements ··········································································································································· 66

Configuration procedure ······································································································································ 66

Verifying the configuration ··································································································································· 68

Configuring MAC authentication ······························································································································ 69

Overview ········································································································································································· 69

User account policies ············································································································································ 69

Authentication methods········································································································································· 69

Configuration prerequisites ··········································································································································· 70

Configuration task list ···················································································································································· 70

Enabling MAC authentication ······································································································································ 70

Specifying a MAC authentication domain ·················································································································· 71

Configuring the user account format ···························································································································· 71

Configuring MAC authentication timers ······················································································································ 72

Setting the maximum number of concurrent MAC authentication users on a port ·················································· 72

Configuring MAC authentication delay ······················································································································· 73

Displaying and maintaining MAC authentication ······································································································ 73

Local MAC authentication configuration example ····································································································· 74

Network requirements ··········································································································································· 74

Configuration procedure ······································································································································ 74

Verifying the configuration ··································································································································· 75

RADIUS-based MAC authentication configuration example ····················································································· 75

Network requirements ··········································································································································· 75

Configuration procedure ······································································································································ 76

Verifying the configuration ··································································································································· 77

Configuring password control ··································································································································· 78

Overview ········································································································································································· 78

Password setting ···················································································································································· 78