HP ProCurve 9304M Security Manual page 125

Routing switches

• Specifying the authentication-failure action (optional)
• Defining MAC address filters (optional)
• Configuring dynamic VLAN assignment (optional)
• Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires (optional)
• Saving dynamic VLAN assignments to the startup-config file (optional)
• Enabling denial of service attack protection (optional)
• Clearing authenticated MAC addresses (optional)
• Disabling aging for authenticated MAC addresses (optional)
• Specifying the aging time for blocked MAC addresses (optional)

Enabling Multi-Device Port Authentication
To enable multi-device port authentication, you first enable the feature globally on the device, then enable it on
individual interfaces.
To globally enable multi-device port authentication on the device, enter the following command:
ProCurveRS(config)# mac-authentication enable
Syntax: [no] mac-authentication enable
To enable multi-device port authentication on an individual interface, enter a command such as the following:
ProCurveRS(config)# mac-authentication enable ethernet 3/1
Syntax: [no] mac-authentication enable <portnum> | all
The all option enables the feature on all interfaces at once.
You can enable the feature on an interface at the interface CONFIG level. For example:
ProCurveRS(config)# interface e 3/1
ProCurveRS(config-if-e100-3/1)# mac-authentication enable
Syntax: [no] mac-authentication enable
You can also configure multi-device port authentication commands on a range of interfaces. For example:
ProCurveRS(config)# int e 3/1 to 3/12
ProCurveRS(config-mif-3/1-3/12)# mac-authentication enable

Specifying the Format of the MAC Addresses Sent to the RADIUS Server
When multi-device port authentication is configured, the HP device authenticates MAC addresses by sending
username and password information to a RADIUS server. The username and password are both the MAC address itself;
that is, the device uses the MAC address for both the username and the password in the request sent to the
RADIUS server.
By default, the MAC address is sent to the RADIUS server in the format xxxxxxxxxxxx. You can optionally
configure the device to send the MAC address to the RADIUS server in the format xx-xx-xx-xx-xx-xx, or the format
xxxx.xxxx.xxxx. To do this, enter a command such as the following:
ProCurveRS(config)# mac-authentication auth-passwd-format xxxx.xxxx.xxxx
Syntax: [no] mac-authentication auth-passwd-format xxxx.xxxx.xxxx | xx-xx-xx-xx-xx-xx | xxxxxxxxxxxx
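
The following is an added example, not part of the HP manual: a Python helper that renders a MAC address in each of the three formats above and flags RADIUS usernames that would never match the format configured on the device. The FreeRADIUS-style users line and the use of lowercase hex are assumptions; the manual names no RADIUS server and does not state the letter case sent.

```python
import re

# The three formats the manual lists for "mac-authentication auth-passwd-format".
FORMATS = ("xxxxxxxxxxxx", "xx-xx-xx-xx-xx-xx", "xxxx.xxxx.xxxx")


def normalize(mac: str) -> str:
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def render(mac: str, fmt: str) -> str:
    """Render a MAC in one of the three documented formats.

    Assumption: lowercase hex; the manual does not state the letter case sent.
    """
    if fmt not in FORMATS:
        raise ValueError(f"unsupported format: {fmt!r}")
    digits = iter(normalize(mac))
    # Each 'x' in the template consumes one hex digit; separators pass through.
    return "".join(next(digits) if ch == "x" else ch for ch in fmt)


def users_entry(mac: str, fmt: str) -> str:
    """FreeRADIUS-style users line (assumed server): MAC is username and password."""
    cred = render(mac, fmt)
    return f'{cred} Cleartext-Password := "{cred}"'


def mismatched(usernames, fmt):
    """Return RADIUS usernames that would never match requests sent in fmt."""
    bad = []
    for name in usernames:
        try:
            if render(name, fmt) != name:
                bad.append(name)
        except ValueError:
            bad.append(name)  # not a MAC at all
    return bad


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the manual.
    for mac in ["00:11:22:AA:BB:CC", "0011.22aa.bbdd", "001122aabbee"]:
        print(users_entry(mac, "xxxx.xxxx.xxxx"))
    print(mismatched(["0011.22aa.bbcc", "00-11-22-aa-bb-cc"], "xxxx.xxxx.xxxx"))
```

Running `mismatched` over the existing RADIUS user list before changing `auth-passwd-format` shows which entries would start failing authentication after the change.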

Specifying the Authentication-Failure Action
When RADIUS authentication for a MAC address fails, you can configure the device to perform one of two actions:
• Drop traffic from the MAC address in hardware (the default)
• Move the port on which the traffic was received to a restricted VLAN
June 2005
Configuring Multi-Device Port Authentication
6 - 3
