Using Triple Authentication With Other Features; Configuring Triple Authentication - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
If a terminal passes 802.1X or portal authentication, no other types of authentication will be
•
triggered for the terminal.
If the terminal passes MAC authentication, no portal authentication can be triggered for the
•
terminal, but 802.1X authentication can be triggered. When the terminal passes 802.1X
authentication, the 802.1X authentication information will overwrite the MAC authentication
information for the terminal.
Using triple authentication with other features
A triple authentication enabled access port supports working with the following features.
VLAN assignment
After a terminal passes authentication, the authentication server assigns an authorized VLAN to the
access port for the access terminal. The terminal can then access the network resources in the authorized
VLAN.
Auth-Fail VLAN or MAC authentication guest VLAN
After a terminal fails authentication, the access port:
Adds the terminal to an Auth-Fail VLAN, if it uses 802.1X or portal authentication service.
•
Adds the terminal to a MAC authentication guest VLAN, if it uses MAC authentication service.
•
A terminal may undergo all three types of authentication. If it fails to pass all types of authentication, the
access port adds the terminal to the 802.1X Auth-Fail VLAN.
ACL assignment
You can specify an authorization ACL for an authenticated user to control its access to network resources.
After the user passes MAC authentication, the authentication server, either the local access device or a
RADIUS server, assigns the ACL onto the access port to filter traffic for the user.
You must configure the ACLs on the access device, whether the authentication server is the access device
or a remote AAA server.
Detection of online terminals
You can enable an online detection timer, which is configurable, to detect online portal clients.
•
You can enable the online handshake or periodic re-authentication function to detect online 802.1X
•
clients at a configurable interval.
You can enable an offline detection timer to detect online MAC authentication terminals at a
•
configurable interval.
For more information about the extended functions, see
authentication," and
Configuring triple authentication
Step
1.
Configure 802.1X
authentication.
2.
Configure MAC authentication.
"Configuring portal
authentication."
Command
See
"Configuring
See
"Configuring MAC
authentication"
"Configuring
802.1X"
186
802.1X,"
"Configuring MAC
Remarks
Configure at least one type of
authentication.
802.1X authentication must use
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
