HP ProCurve Switch 2900yl-24G Access Security Manual page 273

Hide thumbs

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

page of 374

/ 374
Contents
Table of Contents
Bookmarks

Table of Contents

C a u t i o n

Statically configure an Authorized-Client VLAN in the switch. The only

■

ports that should belong to this VLAN are ports offering services and

access you want available to authenticated clients. 802.1X authenticator

ports do not have to be members of this VLAN.

Note that if an 802.1X authenticator port is an untagged member of

another VLAN, the port's access to that other VLAN will be temporarily

removed while an authenticated client is connected to the port. For

example, if:

Port A5 is an untagged member of VLAN 1 (the default VLAN).

ii. You configure port A5 as an 802.1X authenticator port.

iii. You configure port A5 to use an Authorized-Client VLAN.

Then, if a client connects to port A5 and is authenticated, port A5 becomes

an untagged member of the Authorized-Client VLAN and is temporarily

suspended from membership in the default VLAN.

If you expect friendly clients to connect without having 802.1X supplicant

■

software running, provide a server on the Unauthorized-Client VLAN for

downloading 802.1X supplicant software to the client, and a procedure by

which the client initiates the download.

■

A client must either have a valid IP address configured before connecting

to the switch, or download one through the Unauthorized-Client VLAN

from a DHCP server. In the latter case, you will need to provide DHCP

services on the Unauthorized-Client VLAN.

Ensure that the switch is connected to a RADIUS server configured to

■

support authentication requests from clients using ports configured as

802.1X authenticators. (The RADIUS server should not be on the Unau-

thorized-Client VLAN.)

Note that as an alternative, you can configure the switch to use local

password authentication instead of RADIUS authentication. However,

this is less desirable because it means that all clients use the same

passwords and have the same access privileges. Also, you must use 802.1X

supplicant software that supports the use of local switch passwords.

Ensure that you do not introduce a security risk by allowing Unauthorized-

Client VLAN access to network services or resources that could be compro-

mised by an unauthorized client.

Configuring Port-Based and Client-Based Access Control (802.1X)

802.1X Open VLAN Mode

9-39

Table of Contents

This manual is also suitable for:

Procurve switch 2900yl-48g J9049a J9050a

HP ProCurve Switch 2900yl-24G Access Security Manual page 273

Related Manuals for HP ProCurve Switch 2900yl-24G

Related Products for HP ProCurve Switch 2900yl-24G

This manual is also suitable for:

Table of Contents