HP MSR4060 Router Chassis : R0106-HP MSR Router Series Security Configuration Guide(V7) : Page 4

ii

Packet formats ························································································································································ 69

EAP over RADIUS ·················································································································································· 70

Initiating 802.1X authentication ··································································································································· 71

802.1X client as the initiator································································································································ 71

Access device as the initiator ······························································································································· 71

802.1X authentication procedures ······························································································································ 71

Comparing EAP relay and EAP termination ······································································································· 72

EAP relay ································································································································································ 73

EAP termination ····················································································································································· 74

Configuring 802.1X ·················································································································································· 76

Feature and hardware compatibility ···························································································································· 76

Access control methods ················································································································································· 76

802.1X VLAN manipulation ········································································································································· 76

Authorization VLAN ·············································································································································· 76

Guest VLAN ··························································································································································· 78

Auth-Fail VLAN ······················································································································································ 79

Critical VLAN ························································································································································· 80

Using 802.1X authentication with SmartOn ··············································································································· 81

Configuration prerequisites ··········································································································································· 82

802.1X configuration task list ······································································································································· 82

Enabling 802.1X ···························································································································································· 83

Enabling EAP relay or EAP termination ······················································································································· 83

Setting the port authorization state ······························································································································ 84

Specifying an access control method ·························································································································· 84

Setting the maximum number of concurrent 802.1X users on a port ······································································· 84

Setting the maximum number of authentication request attempts ············································································· 85

Setting the 802.1X authentication timeout timers ······································································································· 85

Configuring the online user handshake function ········································································································ 86

Configuring the authentication trigger function ·········································································································· 86

Configuration guidelines ······································································································································ 87

Configuration procedure ······································································································································ 87

Specifying a mandatory authentication domain on a port ························································································ 87

Configuring the quiet timer ··········································································································································· 88

Enabling the periodic online user reauthentication function ····················································································· 88

Configuring an 802.1X guest VLAN ··························································································································· 89

Configuration guidelines ······································································································································ 89

Configuration prerequisites ·································································································································· 89

Configuration procedure ······································································································································ 89

Configuring an 802.1X Auth-Fail VLAN ······················································································································ 90

Configuration guidelines ······································································································································ 90

Configuration prerequisites ·································································································································· 90

Configuration procedure ······································································································································ 90

Configuring an 802.1X critical VLAN ························································································································· 90

Configuration guidelines ······································································································································ 90

Configuration prerequisites ·································································································································· 90

Configuration procedure ······································································································································ 91

Specifying supported domain name delimiters ··········································································································· 91

Configuring 802.1X SmartOn ······································································································································ 91

Displaying and maintaining 802.1X ··························································································································· 92

802.1X authentication configuration examples ·········································································································· 93

Basic 802.1X authentication configuration example ························································································ 93

802.1X guest VLAN and authorization VLAN configuration example ··························································· 95

802.1X SmartOn configuration example ··········································································································· 97