Using Triple Authentication With Other Features; Configuring Triple Authentication - HP 5120 EI Switch Series Configuration Manual

Upon receiving an HTTP packet from a terminal, the access port performs portal authentication on

the terminal.
If a terminal triggers different types of authentication, the authentications are processed at the same time.
A failure of one type of authentication does not affect the others. When a terminal passes one type of
authentication, the other types of authentication being performed are terminated. Then, whether the other
types of authentication can be triggered varies:
If a terminal passes 802.1X authentication or portal authentication, no other types of authentication

will be triggered for the terminal.
If the terminal passes MAC authentication, no portal authentication can be triggered for the

terminal, but 802.1X authentication can be triggered. When the terminal passes 802.1X
authentication, the 802.1X authentication information will overwrite the MAC authentication
information for the terminal.

Using triple authentication with other features

A port enabled with the three types of authentication also supports the following extended functions.
VLAN assignment
After a terminal passes authentication, the authentication server assigns a VLAN to the access port for the
access terminal. The terminal can then access the network resources in the server-assigned VLAN.
Auth-Fail VLAN or MAC authentication guest VLAN
After a terminal fails authentication, the access port:
Adds the terminal to an Auth-Fail VLAN, if it uses 802.1X or portal authentication service.

Adds the terminal to a MAC authentication guest VLAN, if it uses MAC authentication service.

A terminal may undergo all three types of authentication. If it fails to pass all types of authentication, the
access port adds the terminal to the 802.1X Auth-Fail VLAN.
Detection of online terminals
 You can enable an online detection timer to detect online portal clients. The timer defaults to 5
minutes, and is not configurable.
You can enable the online handshake or periodic online user re-authentication function to detect

online 802.1X clients at a configurable interval.
You can enable an offline detection timer to detect online MAC authentication terminals at a

configurable interval.
NOTE:
For more information about the extended functions, see the chapters "802.1X configuration," "MAC
authentication configuration," and "Portal configuration."

Configuring triple authentication

Follow these steps to configure triple authentication:
To do...
Configure 802.1X
authentication
Use the command...
See the chapter ―802.1X configuration‖
131
Remarks
Required