802.1X Port States; Supported Radius Attributes - HP GbE2c - Blc Layer 2/3 Fiber SFP Option Application Manual

Ethernet blade switch for c-class bladesystem

802.1x port states

The state of the port determines whether the client is granted access to the network, as follows:
Unauthorized: While in this state, the port discards all ingress and egress traffic except EAP packets.
Authorized: When the client is authenticated successfully, the port transitions to the authorized state, allowing all traffic to and from the client to flow normally.
Force Unauthorized: A state you can configure that denies all access to the port.
Force Authorized: A state you can configure that allows full access to the port.
Use the 802.1x Global Configuration Menu (/cfg/l2/8021x/global) to configure 802.1x authentication for all ports in the switch. Use the 802.1x Port Menu (/cfg/l2/8021x/port x) to configure a single port.

Supported RADIUS attributes

The GbE2c 802.1x Authenticator relies on external RADIUS servers for authentication with EAP. The following table
lists the RADIUS attributes that are supported as part of RADIUS-EAP authentication based on the guidelines specified
in Annex D of the 802.1x standard and RFC 3580.
Table 9 EAP support for RADIUS attributes

| # | Attribute | Attribute Value | A-R (Request) | A-A | A-C | A-R (Reject) |
|---|---|---|---|---|---|---|
| 1 | User-Name | The value of the Type-Data field from the supplicant's EAP-Response/Identity message. If the Identity is unknown (i.e. Type-Data field is zero bytes in length), this attribute will have the same value as the Calling-Station-Id. | 1 | 0-1 | 0 | 0 |
| 4 | NAS-IP-Address | IP address of the authenticator used for RADIUS communication. | 1 | 0 | 0 | 0 |
| 5 | NAS-Port | Port number of the authenticator port to which the supplicant is attached. | 1 | 0 | 0 | 0 |
| 24 | State | Server-specific value. This is sent unmodified back to the server in an Access-Request that is in response to an Access-Challenge. | 0-1 | 0-1 | 0-1 | 0 |
| 30 | Called-Station-ID | The MAC address of the authenticator encoded as an ASCII string in canonical format, e.g. 000D5622E39F. | 1 | 0 | 0 | 0 |
| 31 | Calling-Station-ID | The MAC address of the supplicant encoded as an ASCII string in canonical format, e.g. 00034B436206. | 1 | 0 | 0 | 0 |
| 79 | EAP-Message | Encapsulated EAP packets from the supplicant to the authentication server (RADIUS) and vice-versa. The authenticator relays the decoded packet to both devices. | 1+ | 1+ | 1+ | 1+ |
| 80 | Message-Authenticator | Always present whenever an EAP-Message attribute is also included. Used to integrity-protect a packet. | 1 | 1 | 1 | 1 |
| 87 | NAS-Port-ID | Name assigned to the authenticator port, e.g. Server1_Port3 | 1 | 0 | 0 | 0 |

Legend:
RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept), A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
0    This attribute MUST NOT be present in a packet.
0+   Zero or more instances of this attribute MAY be present in a packet.
0-1  Zero or one instance of this attribute MAY be present in a packet.
1    Exactly one instance of this attribute MUST be present in a packet.
1+   One or more of these attributes MUST be present.
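
The instance counts in Table 9 and the Message-Authenticator requirement can be checked mechanically on captured RADIUS packets. The Python sketch below is an added example, not code from the manual or the switch: it encodes Table 9 by RADIUS code (RFC 2865), verifies Message-Authenticator as HMAC-MD5 per RFC 3579, and uses hypothetical function names and a constructed sample packet (user name, addresses and shared secret are made up).

```python
import hashlib, hmac
from collections import Counter

# Table 9 as (min, max) instance counts per attribute type; max None = unbounded.
ONE, ZERO, OPT, MANY = (1, 1), (0, 0), (0, 1), (1, None)
TYPES = (1, 4, 5, 24, 30, 31, 79, 80, 87)
TABLE9 = {1: (ONE, ONE, ONE, OPT, ONE, ONE, MANY, ONE, ONE),         # Access-Request
          2: (OPT, ZERO, ZERO, OPT, ZERO, ZERO, MANY, ONE, ZERO),    # Access-Accept
          11: (ZERO, ZERO, ZERO, OPT, ZERO, ZERO, MANY, ONE, ZERO),  # Access-Challenge
          3: (ZERO, ZERO, ZERO, ZERO, ZERO, ZERO, MANY, ONE, ZERO)}  # Access-Reject

def parse(pkt):
    """Return (code, [(type, value_offset, value), ...]); raise ValueError if malformed."""
    length = int.from_bytes(pkt[2:4], "big")
    if len(pkt) < 20 or length != len(pkt):  # this sketch rejects trailing padding too
        raise ValueError("bad header or Length field")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length or pkt[off + 1] < 2 or off + pkt[off + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((pkt[off], off + 2, pkt[off + 2:off + pkt[off + 1]]))
        off += pkt[off + 1]
    return pkt[0], attrs

def mac_for(pkt, off, secret, auth=None):
    """RFC 3579 HMAC-MD5, value at off zeroed; replies pass the Request Authenticator."""
    data = pkt[:4] + (auth or pkt[4:20]) + pkt[20:off] + bytes(16) + pkt[off + 16:]
    return hmac.new(secret, data, hashlib.md5).digest()

def check(pkt, secret, auth=None):
    """Return a list of violations; an empty list means the packet conforms."""
    code, attrs = parse(pkt)
    counts = Counter(t for t, _, _ in attrs)
    bad = [f"attribute {t}: {counts[t]} instance(s) in code {code}"
           for t, (lo, hi) in zip(TYPES, TABLE9.get(code, ()))
           if counts[t] < lo or (hi is not None and counts[t] > hi)]
    for t, off, val in attrs:
        if t == 80 and not (len(val) == 16 and hmac.compare_digest(
                mac_for(pkt, off, secret, auth), val)):
            bad.append("Message-Authenticator mismatch")
    return bad

def sample_request(secret):
    """Constructed Access-Request for the demo; every value in it is made up."""
    avs = [(1, b"alice"), (4, bytes([192, 0, 2, 1])), (5, bytes([0, 0, 0, 3])),
           (30, b"000D5622E39F"), (31, b"00034B436206"), (87, b"Server1_Port3"),
           (79, b"\x02\x01\x00\x0a\x01alice"), (80, bytes(16))]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avs)
    pkt = bytes([1, 7]) + (20 + len(body)).to_bytes(2, "big") + bytes(range(16)) + body
    return pkt[:-16] + mac_for(pkt, len(pkt) - 16, secret)
```

When checking an Access-Accept, Access-Challenge or Access-Reject, pass the 16-byte Request Authenticator of the matching Access-Request as `auth`, because the reply's Message-Authenticator is computed over it.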

This manual is also suitable for:

Gbe2cXw460c - proliant - blade workstation