HPE FlexNetwork 7500 Series Security Configuration Manual page 5

Configuration prerequisites ···················································································································· 112
Configuration procedure ························································································································· 112
Specifying supported domain name delimiters ······························································································ 112
Enabling 802.1X user IP freezing ·················································································································· 113
Sending 802.1X protocol packets out of a port without VLAN tags ······························································· 113
Setting the maximum number of 802.1X authentication attempts for MAC authenticated users ··················· 114
Configuring the EAD assistant feature ··········································································································· 114
Configuring 802.1X SmartOn ························································································································· 115
Displaying and maintaining 802.1X ················································································································ 116
802.1X authentication configuration examples ······························································································ 116
Basic 802.1X authentication configuration example ·············································································· 116
802.1X guest VLAN and authorization VLAN configuration example ···················································· 118
802.1X with ACL assignment configuration example ············································································· 121
802.1X with EAD assistant configuration example (with DHCP relay agent) ········································· 122
802.1X with EAD assistant configuration example (with DHCP server) ················································· 125
802.1X SmartOn configuration example ································································································ 127
Troubleshooting 802.1X ································································································································· 129
EAD assistant URL redirection failure ···································································································· 129
Configuring MAC authentication ································································· 130
Overview ························································································································································ 130
User account policies ····························································································································· 130
Authentication methods ·························································································································· 130
VLAN assignment ·································································································································· 131
ACL assignment ····································································································································· 132
Redirect URL assignment ······················································································································ 133
Configuration prerequisites ···························································································································· 133
General guidelines and restrictions ················································································································ 133
Configuration task list ····································································································································· 133
Enabling MAC authentication ························································································································· 134
Specifying a MAC authentication domain ······································································································ 134
Configuring the user account format ·············································································································· 135
Configuring MAC authentication timers ········································································································· 135
Setting the maximum number of concurrent MAC authentication users on a port ········································· 136
Enabling MAC authentication multi-VLAN mode on a port ············································································ 136
Configuring MAC authentication delay ··········································································································· 136
Enabling parallel processing of MAC authentication and 802.1X authentication ··········································· 137
Configuration restrictions and guidelines ······························································································· 137
Configuration procedure ························································································································· 138
Configuring a MAC authentication guest VLAN ····························································································· 138
Configuration prerequisites ···················································································································· 138
Configuration restrictions and guidelines ······························································································· 138
Configuration procedure ························································································································· 139
Configuring a MAC authentication critical VLAN ···························································································· 139
Enabling the MAC authentication critical voice VLAN ···················································································· 140
Configuration prerequisites ···················································································································· 140
Configuration procedure ························································································································· 140
Configuring periodic MAC reauthentication ··································································································· 140
Overview ················································································································································ 140
Configuration restrictions and guidelines ······························································································· 141
Configuration procedure ························································································································· 141
Including user IP addresses in MAC authentication requests ········································································ 142
Enabling MAC authentication offline detection ······························································································ 142
Displaying and maintaining MAC authentication ···························································································· 143
MAC authentication configuration examples ·································································································· 143
Local MAC authentication configuration example ·················································································· 143
RADIUS-based MAC authentication configuration example ·································································· 145
ACL assignment configuration example································································································· 147
Configuring portal authentication ································································ 151
Overview ························································································································································ 151
Extended portal functions ······················································································································· 151
iii