Using 802.1X Authentication With Other Features - HP 1920 Series User Manual


Handshake timer—Sets the interval at which the access device sends client handshake requests to check the online status of a client that has passed authentication. If the device receives no response after sending the maximum number of handshake requests, it considers that the client has logged off. For information about how to enable the online user handshake function, see "Configuring 802.1X on a port."

Quiet timer—Starts when the access device sends a RADIUS Access-Request packet to the authentication server. If no response is received when this timer expires, the access device retransmits the request to the server.

Periodic online user re-authentication timer—Sets the interval at which the network device periodically re-authenticates online 802.1X users. For information about how to enable periodic online user re-authentication on a port, see "Configuring 802.1X on a port."

Using 802.1X authentication with other features

VLAN assignment

You can configure the authentication server to assign a VLAN for an 802.1X user that has passed authentication. The way that the network access device handles VLANs on an 802.1X-enabled port differs by 802.1X access control mode.

| Access control | VLAN manipulation |
|---|---|
| Port-based | Assigns the VLAN to the port as the port VLAN (PVID). The authenticated 802.1X user and all subsequent 802.1X users can access the VLAN without authentication. When the user logs off, the previous PVID restores, and all other online users are logged off. |
| MAC-based | If the port is a hybrid port with MAC-based VLAN enabled, the device maps the MAC address of each user to the VLAN assigned by the authentication server. The PVID of the port does not change. When a user logs off, the MAC-to-VLAN mapping for the user is removed. If the port is an access, trunk, or MAC-based VLAN disabled hybrid port, the device assigns the first authenticated user's VLAN to the port as the PVID. If a different VLAN is assigned to a subsequent user, the user cannot pass the authentication. To avoid the authentication failure of subsequent users, be sure to assign the same VLAN to all 802.1X users on these ports. |

With 802.1X authentication, a hybrid port is always assigned to a VLAN as an untagged member. After the assignment, do not reconfigure the port as a tagged member in the VLAN.

On a periodic online user re-authentication enabled port, if a user has been online before you enable the MAC-based VLAN function, the access device does not create a MAC-to-VLAN mapping for the user unless the user passes re-authentication and the VLAN for the user has changed.

Guest VLAN

You can configure a guest VLAN on a port to accommodate users that have not performed 802.1X authentication, so they can access a limited set of network resources, such as a software server, to download anti-virus software and system patches. Once a user in the guest VLAN passes 802.1X authentication, it is removed from the guest VLAN and can access authorized network resources. The way that the network access device handles VLANs on the port differs by 802.1X access control mode.

On a port that performs port-based access control:
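The VLAN assignment rules in the access control table on this page can be replayed as a small Python model to see which logins succeed and what happens to the PVID. This is an added example, not HP code or device behavior captured from a switch; the class and function names, MAC addresses and VLAN IDs are constructed, and the handling of logoffs the table does not describe is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    link_type: str                  # "access", "trunk" or "hybrid"
    mode: str                       # "port-based" or "mac-based" access control
    mac_vlan: bool = False          # MAC-based VLAN function enabled
    pvid: int = 1                   # constructed starting PVID
    prev_pvid: int = 1
    online: list = field(default_factory=list)
    mac_to_vlan: dict = field(default_factory=dict)

def login(port, mac, vlan):
    """Apply the server-assigned VLAN as the table describes; return the outcome."""
    if port.mode == "port-based":
        if port.online:             # port was already opened by the first user
            port.online.append(mac)
            return "access without authentication"
        port.prev_pvid, port.pvid = port.pvid, vlan
    elif port.link_type == "hybrid" and port.mac_vlan:
        port.mac_to_vlan[mac] = vlan        # PVID does not change
    elif port.online and vlan != port.pvid:
        return "authentication fails"       # VLAN differs from the first user's
    elif not port.online:
        port.pvid = vlan                    # first user's VLAN becomes the PVID
    port.online.append(mac)
    return "authenticated"

def logoff(port, mac):
    """Logoff per the table; cases it does not cover only drop the user (assumption)."""
    if port.mode == "port-based" and port.online[:1] == [mac]:
        port.pvid = port.prev_pvid          # previous PVID restores
        port.online.clear()                 # all other online users are logged off
        return
    if mac in port.online:
        port.online.remove(mac)
    port.mac_to_vlan.pop(mac, None)         # MAC-to-VLAN mapping is removed

def replay(port, logins):
    """Replay (mac, vlan) logins in order; return (mac, outcome, pvid) rows."""
    return [(mac, login(port, mac, vlan), port.pvid) for mac, vlan in logins]

# Constructed sample: three users, the second assigned a different VLAN.
LOGINS = [("00:00:5e:00:53:01", 10), ("00:00:5e:00:53:02", 20),
          ("00:00:5e:00:53:03", 10)]

if __name__ == "__main__":
    for args in (("trunk", "mac-based"), ("hybrid", "mac-based", True), ("access", "port-based")):
        print(args, replay(Port(*args), LOGINS))
```

On the trunk port the second user fails because VLAN 20 differs from the PVID set by the first user, while the port-based port admits the later users without authenticating them.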
