Authorized And Unauthorized Client Vlans - HP ProCurve 6120G/XG Manual

Hp procurve series 6120 blade switches access security guide
Hide thumbs Also See for ProCurve 6120G/XG:
Table of Contents

Advertisement

Each new Web/MAC Auth client always initiates a MAC authentica­
tion attempt. This same client can also initiate Web authentication at
any time before the MAC authentication succeeds. If either authenti­
cation succeeds then the other authentication (if in progress) is
ended. No further Web/MAC authentication attempts are allowed
until the client is deauthenticated.
Web and MAC authentications are not allowed on the same port if
unauthenticated VLAN (that is, a guest VLAN) is enabled for MAC
authentication. An unauthenticated VLAN can't be enabled for MAC
authentication if Web and MAC authentication are both enabled on
the port.
Hitless reauthentication must be of the same type (MAC) that was
used for the initial authentication. Non-hitless reauthentication can
be of any type.
The remaining Web/MAC functionality, including interactions with 802.1X,
remains the same. Web and MAC authentication can be used for different
clients on the same port.
Normally, MAC authentication finishes much sooner than Web authentication.
However, if Web authentication should complete first, MAC authentication
will cease even though it is possible that MAC authentication could succeed.
There is no guarantee that MAC authentication ends before Web authentica­
tion begins for the client.
Concurrent Web and MAC authentication is backward compatible with all
existing user configurations.

Authorized and Unauthorized Client VLANs

Web-Auth and MAC-Auth provide a port-based solution in which a port
belongs to one, untagged VLAN at a time. The switch supports up to 32
simultaneous client sessions per port. All authenticated client sessions
operate in the same untagged VLAN. (If you want the switch to simultaneously
support multiple client sessions in different VLANs for a network application,
design your system so that clients request network access on different switch
ports.)
In the default configuration, the switch blocks access to all clients that the
RADIUS server does not authenticate. However, you can configure an
individual port to provide limited network services and access to unauthorized
Web and MAC Authentication
Overview
3-5

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Procurve 6120xgProcurve 6120 series

Table of Contents