Triple Authentication Supporting Authorization Vlan And Authentication Failure Vlan Configuration; Example - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Authentication domain: triple
Authentication method: CHAP
Initial VLAN: 14
Authorization untagged VLAN: 14
Authorization tagged VLAN list: N/A
Authorization ACL ID: N/A
Authorization user profile: N/A
Authorization URL: N/A
Termination action: N/A
Session timeout period: N/A
Online from: 2015/01/04 18:13:01
Online duration: 0h 0m 14s
Total 1 connection(s) matched.
Triple authentication supporting authorization VLAN and
authentication failure VLAN configuration example
Network requirement
As shown in
Configure triple authentication on the device's Layer 2 interface connected to the terminals. A
terminal passing one of the three authentication methods, 802.1X authentication, Web
authentication, and MAC authentication, can access the IP network.
•
The Web authentication terminal uses DHCP to get an IP address in 192.168.1.0/24 before
authentication and in 3.3.3.0/24 after passing authentication. If the terminal fails authentication,
it requests IP addresses in 2.2.2.0/24 through DHCP.
You can use the access device or an attached device as the DHCP server. In this example, the
access device (the device) provides the DHCP service.
•
The 802.1X terminal uses DHCP to get an IP address in 192.168.1.0/24 before authentication
and in 3.3.3.0/24 after passing authentication. If the terminal fails authentication, it requests IP
addresses in 2.2.2.0/24 through DHCP.
•
After passing authentication, the printer obtains IP address 3.3.3.111/24 that is bound with its
MAC address through DHCP.
•
Use the remote RADIUS server to perform authentication, authorization, and accounting.
Configure the device to remove the ISP domain names from usernames sent to the RADIUS
server.
•
Configure the local Web authentication server on the device to use listening IP address 4.4.4.4.
Configure the device to send a default authentication page to the Web user and forward
authentication data by using HTTP.
•
Configure VLAN 3 as the authorization VLAN. Users passing authentication are added to this
VLAN.
•
Configure VLAN 2 as the authentication failure VLAN. Users failing authentication are added to
this VLAN.
Figure
158, the terminals are connected to the device to access the IP network.
519
Advertisement
Table of Contents
Troubleshooting
