HP 10500 Series Configuration Manual page 342

maintaining local user group, 20
protocols and standards, 10
RADIUS. See RADIUS
RADIUS server 802.1X user, 60
RADIUS server for portal users, 52
tearing down user connection, 45
troubleshooting, 69
access control methods (802.1X), 80, 88
accessing
access device as authentication initiator (802.1X),
75
device (portal authentication), 125
accounting
configuring ISP domain method (AAA), 44
configuring RADIUS accounting-on, 29
MAC authentication user account policies, 1 1 1
ACL
802.1X assignment, 85
configuring 802.1X assignment, 103
configuring ACL for IPsec, 303
implementing ACL-based IPsec, 302
MAC authentication ACL assignment, 1 12
verifying 802.1X assignment configuration, 104
ACL checking
enabling for de-encapsulated IPsec packets, 310
active
acknowledgement (ARP attack protection), 256
authentication (portal), 124, 142
advertisement
ICMPv6 NA message, 266
ICMPv6 RA message, 266
algorithm
authentication and encryption algorithms (IPsec),
301
negotiation (SSH authentication), 201
public key configuration, 195
public key management, 191
anti-replay
configuring IPsec anti-replay, 310
any authentication (SSH), 201
application (URPF network), 271
applying
IPsec policy, 309
applying QoS policy, 189
architecture (802.1X), 72
ARP
MFF configuration, 273, 275, 277
MFF network port, 274
MFF user port, 274
MFF work flow, 275
ARP attack protection
configuration, 251
configuring active acknowledgement, 256
configuring automatic scanning, 264, 265
configuring detection, 257
configuring fixed ARP, 264, 265
configuring packet rate limit, 254
configuring packet validity check, 258
configuring restricted forwarding, 259, 262
configuring source MAC address-based detection,
254, 255
configuring source suppression, 252
configuring unresolvable IP attack defense, 252,
253
configuring user validity and packet validity
checks, 261
configuring user validity check, 257, 259
displaying ARP detection, 259
displaying source MAC address-based ARP attack
detection, 255
displaying source suppression, 252
enabling black hole routing, 252
maintaining ARP detection, 259
packet validity check, 257
restricted forwarding, 257
user validity check, 257
assigning
802.1X ACL, 85
MAC authentication VLAN assignment, 1 12
VLAN (802.1X), 80
asymmetric key
algorithm, 191
creating local pair, 192
destroying local pair, 193
attribute
configuring IKE proposal, 318
configuring ISP domain (AAA), 40
configuring RADIUS related attributes, 136
EAP-Message (802.1X), 75
HP proprietary RADIUS subattributes, 12
Message-Authentication (802.1X), 75
RADIUS, 1 1
RADIUS common, 5, 1 1
RADIUS extended, 6
authentication
802.1X (port security), 168
802.1X trigger function, 91
access device as initiator (802.1X), 75
across VPNs (portal authentication), 131
client as initiator (802.1X), 75
combined MAC/802.1X authentication (port
security), 168
332