Configuring 802.1X; Hp Implementation Of 802.1X; Access Control Methods; Using 802.1X Authentication With Other Features - HP 6600 Security Configuration Manual

Configuring 802.1X

This chapter describes how to configure 802.1X on an HP device. You can also configure the port security
feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication. It
applies to a network that requires different authentication methods for different users on a port. Port
security is beyond the scope of this chapter. For more information about port security, see "Configuring
port security."
NOTE:
802.1X is supported only on a SAP module that is operating in bridge mode.

HP implementation of 802.1X

Access control methods

HP implements port-based access control as defined in the 802.1X protocol, and extends the protocol to
support MAC-based access control.
Port-based access control—Once an 802.1X user passes authentication on a port, any subsequent
•
user can access the network through the port without authentication. When the authenticated user
logs off, all other users are logged off.
MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
•
no other online users are affected.

Using 802.1X authentication with other features

VLAN assignment
You can configure the authentication server to assign a VLAN for an 802.1X user that has passed
authentication. The way that the network access device handles VLANs on an 802.1X-enabled port
differs by 802.1X access control mode.
Access control
Port-based
VLAN manipulation
Assigns the VLAN to the port as the port VLAN (PVID). The authenticated 802.1X user
and all subsequent 802.1X users can access the VLAN without authentication.
When the user logs off, the previous PVID restores, and all other online users are
logged off.
83