EasyManuals Logo

HP ProCurve 5406zl Access Security Guide

HP ProCurve 5406zl
390 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #258 background imageLoading...
Page #258 background image
Configuring Port-Based and Client-Based Access Control (802.1X)
Overview
Port-Based access control option allowing authentication by a single
client to open the port. This option does not force a client limit and,
on a port opened by an authenticated client, allows unlimited client
access without requiring further authentication.
Supplicant implementation using CHAP authentication and indepen-
dent user credentials on each port.
Local authentication of 802.1X clients using the switch’s local username
and password (as an alternative to RADIUS authentication).
On-demand change of a ports configured VLAN membership status to
support the current client session.
Session accounting with a RADIUS server, including the accounting
update interval.
Use of Show commands to display session counters.
Support for concurrent use of 802.1X and either Web authentication or
MAC authentication on the same port.
For unauthenticated clients that do not have the necessary 802.1X suppli-
cant software (or for other reasons related to unauthenticated clients),
there is the option to configure an Unauthorized-Client VLAN. This mode
allows you to assign unauthenticated clients to an isolated VLAN through
which you can provide the necessary supplicant software and/or other
services you want to extend to these clients.
User Authentication Methods
The switch offers two methods for using 802.1X access control. Generally, the
“Port Based” method supports one 802.1X-authenticated client on a port,
which opens the port to an unlimited number of clients. The “Client-Based”
method supports up to 32 802.1X-authenticated clients on a port. In both cases,
there are operating details to be aware of that can influence your choice of
methods.
802.1X Client-Based Access Control
802.1X operation with access control on a per-client basis provides client-level
security that allows LAN access to individual 802.1X clients (up to 32 per port),
where each client gains access to the LAN by entering valid user credentials.
This operation improves security by opening a given port only to individually
authenticated clients, while simultaneously blocking access to the same port
for clients that cannot be authenticated. All sessions must use the same
untagged VLAN. Also, an authenticated client can use any tagged VLAN
memberships statically configured on the port, provided the client is config-
ured to use the tagged VLAN memberships available on the port. (Note that
10-4

Table of Contents

Other manuals for HP ProCurve 5406zl

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP ProCurve 5406zl and is the answer not in the manual?

HP ProCurve 5406zl Specifications

General IconGeneral
Product NameHP ProCurve 5406zl
CategorySwitch
LayerLayer 3
Operating Temperature32°F to 131°F (0°C to 55°C)
Operating Humidity15% to 95% non-condensing
ManagementSNMP, CLI
Power SupplyRedundant power supplies (optional)
Memory128 MB flash, 512 MB SDRAM

Related product manuals