HP ProCurve 9304M Security Manual page 123


Configuring Multi-Device Port Authentication
Overview
Multi-device port authentication is a way to configure an HP device to forward or block traffic from a MAC
address based on information received from a RADIUS server.
This chapter is divided into the following sections:
"How Multi-Device Port Authentication Works" below explains basic concepts about multi-device port
authentication.
"Configuring Multi-Device Port Authentication" on page 6-2 describes how to set up multi-device port
authentication on HP devices using the Command Line Interface (CLI).
"Displaying Multi-Device Port Authentication Information" on page 6-8 describes the commands used to
display information about a multi-device port authentication configuration.
NOTE: This feature is supported on HP devices running Enterprise software release 07.6.06 or higher.
How Multi-Device Port Authentication Works
The multi-device port authentication feature is a mechanism by which incoming traffic originating from a specific
MAC address is switched or forwarded by the device only if the source MAC address is successfully authenticated
by a RADIUS server. The MAC address itself is used as the username and password for RADIUS authentication;
the user does not need to provide a specific username and password to gain access to the network. If RADIUS
authentication for the MAC address is successful, traffic from the MAC address is forwarded in hardware.
If the RADIUS server cannot validate the user's MAC address, then it is considered an authentication failure, and
a specified authentication-failure action can be taken. The default authentication-failure action is to drop traffic
from the non-authenticated MAC address in hardware. You can also configure the device to move the port on
which the non-authenticated MAC address was learned into a restricted or "guest" VLAN, which may have limited
access to the network.
RADIUS Authentication
The multi-device port authentication feature communicates with the RADIUS server to authenticate a newly found
MAC address. The HP device supports multiple RADIUS servers; if communication with one of the RADIUS
servers times out, the others are tried in sequential order. If a response from a RADIUS server is not received
within a specified time (by default, 3 seconds) the RADIUS session times out, and the device retries the request
up to three times. If no response is received, the next RADIUS server is chosen, and the request is sent for
authentication.
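The exchange described above, as an added Python example that is not taken from the HP manual: it builds the RADIUS Access-Request in which the MAC address is both User-Name and User-Password (hidden per RFC 2865), decodes it on the server side, and maps the result to forwarding or to the authentication-failure action. The MAC string format, the shared secret, the allow-list standing in for the RADIUS user database, and all function names are assumptions made for illustration.

```python
import hashlib, os, struct

USER_NAME, USER_PASSWORD = 1, 2            # RFC 2865 attribute types

def _keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding (MD5 keystream, 16-byte blocks)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(mac, secret, ident, authenticator=None):
    """Access-Request (code 1) in which the MAC is both User-Name and User-Password."""
    authenticator = authenticator or os.urandom(16)
    cred = mac.encode()
    attrs = b""
    for typ, val in ((USER_NAME, cred), (USER_PASSWORD, hide_password(cred, secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """Server side: recover (username, password) from the request."""
    length = struct.unpack("!H", packet[2:4])[0]
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2:
            raise ValueError("malformed attribute")
        attrs[typ] = packet[pos + 2:pos + alen]
        pos += alen
    password = reveal_password(attrs[USER_PASSWORD], secret, authenticator)
    return attrs[USER_NAME].decode(), password.decode()

def switch_action(mac, allowed_macs, secret=b"constructed-secret", failure_action="drop"):
    """Forward on accept; otherwise apply the configured authentication-failure action."""
    user, password = parse_access_request(build_access_request(mac, secret, 1), secret)
    return "forward" if user == password and user in allowed_macs else failure_action
```

Because the password is the same value as the username, the shared secret protects the password attribute in transit but the only thing the RADIUS server actually verifies is the MAC address itself.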
June 2005
Chapter 6
6 - 1
