Configuration Restrictions And Guidelines; Configuring Triple Authentication; Triple Authentication Configuration Examples; Triple Authentication Basic Function Configuration Example - HPE FlexNetwork 7500 Series Security Configuration Manual

Authorization ACL
After a user passes authentication, the authentication server assigns an authorization ACL to the
access port for the user. The access port uses the ACL to filter traffic for the user.
To use ACL assignment, you must specify authorization ACLs on the authentication server and
configure the ACLs on the access device. You can change the user's access authorization by
changing the authorization ACL on the authentication server or changing rules of the authorization
ACL on the access device.
Detection of online users
You can configure the following features to detect the online status of users:
- Enable online user detection for Web authentication users.
- Enable the online user handshake or periodic online user reauthentication feature for 802.1X
  users.
- Enable offline detection for MAC authentication users.

Configuration restrictions and guidelines

When you configure triple authentication, follow these restrictions and guidelines:
- If Web authentication is enabled on a port, configure the subnets of the authentication failure
  VLANs and server-unreachable VLANs of the port as Web authentication-free subnets. This
  ensures that an authentication-failed user can access the authentication failure VLAN or
  server-unreachable VLAN.
- Do not configure both Web authentication-free IPs and 802.1X free IPs. If you do so, only
  802.1X free IPs take effect.
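
The two guidelines above can be checked before a change is pushed to the device. The following is an added example, not taken from the HPE manual: it audits a planned per-port design held in a hypothetical Python dictionary (the key names and the sample subnets are constructed for illustration and are not device CLI syntax).

```python
import ipaddress

def check_port(port):
    """Return findings for one port's planned triple-authentication settings."""
    net = ipaddress.ip_network
    web_free = [net(s) for s in port.get("web_auth_free_subnets", [])]
    dot1x_free = [net(s) for s in port.get("dot1x_free_ips", [])]
    findings = []

    # Guideline: do not configure both kinds of free IPs on the same device.
    if web_free and dot1x_free:
        findings.append("both Web authentication-free IPs and 802.1X free IPs "
                        "configured; only the 802.1X free IPs take effect")

    # Guideline: with Web authentication enabled, every authentication failure
    # VLAN subnet and server-unreachable VLAN subnet must be a Web
    # authentication-free subnet (here: contained in one of them).
    if port.get("web_auth_enabled"):
        for kind in ("auth_fail_vlan_subnets", "server_unreachable_vlan_subnets"):
            for s in port.get(kind, []):
                subnet = net(s)
                covered = any(subnet.version == f.version and subnet.subnet_of(f)
                              for f in web_free)
                if not covered:
                    findings.append(f"{kind}: {subnet} is not a Web authentication-free subnet")
    return findings

def audit(ports):
    """Map each port name to its findings, omitting ports with none."""
    results = {name: check_port(cfg) for name, cfg in ports.items()}
    return {name: f for name, f in results.items() if f}

# Constructed sample design (hypothetical port names and subnets).
SAMPLE_PORTS = {
    "port-a": {"web_auth_enabled": True,
               "auth_fail_vlan_subnets": ["192.168.2.0/24"],
               "server_unreachable_vlan_subnets": ["192.168.3.0/24"],
               "web_auth_free_subnets": ["192.168.2.0/24"]},
    "port-b": {"web_auth_enabled": True,
               "auth_fail_vlan_subnets": ["10.1.2.0/24"],
               "web_auth_free_subnets": ["10.0.0.0/8"],
               "dot1x_free_ips": ["10.9.9.0/24"]},
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_PORTS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```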

Configuring triple authentication

Configure a minimum of one type of authentication:

| Task | Command | Remarks |
|---|---|---|
| Configure 802.1X authentication. | See "Configuring 802.1X." | 802.1X authentication must use MAC-based access control. |
| Configure MAC authentication. | See "Configuring MAC authentication." | N/A |
| Configure Web authentication. | See "Configuring Web authentication." | N/A |

Triple authentication configuration examples

Triple authentication basic function configuration example

Network requirements
As shown in Figure 157, the terminals are connected to the device to access the IP network.
- Configure triple authentication on the device's Layer 2 interface that connects to the terminals. A
  terminal passing one of the three authentication methods, 802.1X authentication, Web
  authentication, and MAC authentication, can access the IP network.
- Assign IP addresses on subnet 192.168.1.0/24 to the terminals.
