
HPE FlexNetwork 5510 HI Series Security Configuration Guide

551 pages
This feature does not take effect if the 802.1X authentication is triggered by EAPOL-Start packets
from 802.1X clients.
To use this feature, the 802.1X-enabled port must be configured with the unicast trigger feature and
perform MAC-based access control.
When 802.1X authentication is triggered on a port, the device performs the following operations:
1. Sends a unicast EAP-Request/Identity packet to the MAC address that triggers the
authentication.
2. Retransmits the packet if no response is received within the username request timeout interval
set by using the dot1x timer tx-period command.
3. Assigns the port to the 802.1X guest VLAN after the maximum number of request attempts set
by using the dot1x retry command is reached.
To enable 802.1X guest VLAN assignment delay on a port:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Enable 802.1X guest VLAN assignment delay on the port. | dot1x guest-vlan-delay | By default, 802.1X guest VLAN assignment delay is disabled on a port. |
Configuring an 802.1X Auth-Fail VLAN
Configuration guidelines
When you configure an 802.1X Auth-Fail VLAN, follow these restrictions and guidelines:
• Assign different IDs to the voice VLAN, the port VLAN, and the 802.1X Auth-Fail VLAN on a
port. The assignment ensures that the port can correctly process VLAN-tagged incoming traffic.
• You can configure only one 802.1X Auth-Fail VLAN on a port. The 802.1X Auth-Fail VLANs on
different ports can be different.
• When you configure multiple security features on a port, follow the guidelines in Table 8.
Table 8 Relationships of the 802.1X Auth-Fail VLAN with other features
| Feature | Relationship description | Reference |
|---|---|---|
| Super VLAN | You cannot specify a VLAN as both a super VLAN and an 802.1X Auth-Fail VLAN. | See Layer 2—LAN Switching Configuration Guide. |
| MAC authentication guest VLAN on a port that performs MAC-based access control | The 802.1X Auth-Fail VLAN has a high priority. | See "Configuring MAC authentication." |
| Port intrusion protection actions on a port that performs MAC-based access control | The 802.1X Auth-Fail VLAN feature has higher priority than the block MAC action. The 802.1X Auth-Fail VLAN feature has lower priority than the shutdown port action of the port intrusion protection feature. | See "Configuring port security." |
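
The prerequisites for guest VLAN assignment delay and the Auth-Fail VLAN guidelines above can be checked offline against a saved configuration. The following Python audit is an added example, not part of the HPE manual. It assumes Comware-style command spellings that do not appear on this page (dot1x unicast-trigger, dot1x port-method portbased, dot1x auth-fail vlan, voice-vlan, supervlan, port ... vlan), a default PVID of 1, and MAC-based access control unless portbased is configured; the sample configuration is constructed.

```python
import re

# Constructed sample in Comware-style syntax (assumed); not taken from the manual.
SAMPLE = """\
vlan 100
 supervlan
#
interface GigabitEthernet1/0/1
 dot1x unicast-trigger
 dot1x guest-vlan-delay
 dot1x auth-fail vlan 200
#
interface GigabitEthernet1/0/2
 voice-vlan 20 enable
 dot1x port-method portbased
 dot1x guest-vlan-delay
 dot1x auth-fail vlan 20
#
interface GigabitEthernet1/0/3
 dot1x auth-fail vlan 100
"""

def sections(text):
    # Map each unindented header line to its indented child lines.
    out, cur = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        elif line.strip() not in ("", "#"):
            cur = out.setdefault(line.strip(), [])
    return out

def audit(text):
    # Assumed defaults: PVID 1, MAC-based access control unless 'portbased' is set.
    secs, found = sections(text), []
    supers = {h.split()[1] for h, b in secs.items() if h.startswith("vlan ") and "supervlan" in b}
    ports = {h.split()[1]: "\n".join(b) for h, b in secs.items() if h.startswith("interface ")}
    for port, cfg in ports.items():
        vid = lambda pat: (re.findall(pat, cfg) or [None])[0]
        fail, voice = vid(r"dot1x auth-fail vlan (\d+)"), vid(r"voice-vlan (\d+) enable")
        pvid = vid(r"port (?:access|trunk pvid|hybrid pvid) vlan (\d+)") or "1"
        if "dot1x guest-vlan-delay" in cfg and (
                "dot1x unicast-trigger" not in cfg or "dot1x port-method portbased" in cfg):
            found.append((port, "guest-vlan-delay without unicast trigger or MAC-based control"))
        if fail and len({fail, voice, pvid}) < 3:
            found.append((port, "Auth-Fail, voice and port VLAN IDs are not all different"))
        if fail in supers:
            found.append((port, "Auth-Fail VLAN is a super VLAN"))
    return found
```

Calling audit(SAMPLE) reports two findings for GigabitEthernet1/0/2 and one for GigabitEthernet1/0/3; GigabitEthernet1/0/1 passes all three checks.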
