Using Triple Authentication With Other Features - HP 3600 v2 Series Security Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
authentication, the other types of authentication being performed are terminated. Then, whether the
other types of authentication can be triggered varies:
If a terminal passes 802.1X or portal authentication, no other types of authentication will be
•
triggered for the terminal.
If the terminal passes MAC authentication, no portal authentication can be triggered for the
•
terminal, but 802.1X authentication can be triggered. When the terminal passes 802.1X
authentication, the 802.1X authentication information will overwrite the MAC authentication
information for the terminal.
Using triple authentication with other features
A triple authentication enabled access port supports working with the following features.
VLAN assignment
After a terminal passes authentication, the authentication server assigns an authorized VLAN to the
access port for the access terminal. The terminal can then access the network resources in the authorized
VLAN.
Auth-Fail VLAN or MAC authentication guest VLAN
After a terminal fails authentication, the access port:
Adds the terminal to an Auth-Fail VLAN, if it uses 802.1X or portal authentication service.
•
Adds the terminal to a MAC authentication guest VLAN, if it uses MAC authentication service.
•
A terminal may undergo all three types of authentication. If it fails to pass all types of authentication, the
access port adds the terminal to the 802.1X Auth-Fail VLAN.
ACL assignment
You can specify an authorization ACL for an authenticated user to control its access to network resources.
After the user passes MAC authentication, the authentication server, either the local access device or a
RADIUS server, assigns the ACL onto the access port to filter traffic for the user.
You must configure the ACLs on the access device, whether the authentication server is the access device
or a remote AAA server.
Detection of online terminals
You can enable an online detection timer, which is configurable, to detect online portal clients.
•
•
You can enable the online handshake or periodic re-authentication function to detect online 802.1X
clients at a configurable interval.
You can enable an offline detection timer to detect online MAC authentication terminals at a
•
configurable interval.
NOTE:
For more information about the extended functions, see the chapters "802.1X configuration", "MAC
authentication configuration", and "Portal configuration."
191
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
