Critical Vlan; Configuration Task List; Basic Configuration For Mac Authentication - HP 10500 Series Configuration Manual
Security configuration guide
Hide thumbs
Also See for 10500 Series:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
MAC authentication guest VLAN is configured, the user who fails MAC authentication cannot access any
network resources.
If a user in the guest VLAN passes MAC authentication, the user is removed from the guest VLAN and can
access all authorized network resources. If not, the user is still in the MAC authentication guest VLAN.
A hybrid port is always assigned to a guest VLAN as an untagged member. After the assignment, do not
re-configure the port as a tagged member in the VLAN.
Critical VLAN
NOTE:
This feature is available in Release 1203 and later versions.
You can configure a MAC authentication critical VLAN on a port to accommodate users that fail MAC
authentication because no RADIUS authentication server is reachable. Users in a MAC authentication
critical VLAN can access a limit set of network resources depending on your configuration.
The critical VLAN feature takes effect when MAC authentication is performed only through RADIUS
servers. If a MAC authentication user fails local authentication after RADIUS authentication, the user is
not assigned to the critical VLAN. For more information about RADIUS configuration, see
AAA."
Any of the following RADIUS authentication server changes in the ISP domain for MAC authentication
users on a port can cause users to be removed from the critical VLAN:
An authentication server is reconfigured, added, or removed.
•
The status of any RADIUS authentication server automatically changes to active or is
•
administratively set to active.
The RADIUS server probing function detects that a RADIUS authentication server is reachable and
•
sets its state to active.
Configuration task list
Task
Basic configuration for MAC
•
Configuring MAC authentication globally
•
Configuring MAC authentication on a port
Specifying a MAC authentication domain
Configuring a MAC authentication guest VLAN
Configuring a MAC authentication critical VLAN
Configuring MAC authentication delay
Basic configuration for MAC authentication
Before performing basic configuration for MAC authentication, complete the following tasks:
Create and configure an authentication domain, also called an "ISP domain."
•
authentication:
113
"Configuring
Remarks
Required.
Optional.
Optional.
Optional.
Optional.
Advertisement
Table of Contents
Troubleshooting
