79
Using 802.1X authentication with other features
ACL assignment
You can specify an ACL for an 802.1X user to control its access to network resources. After the user
passes 802.1X authentication, the authentication server assigns the ACL to the access port to filter
traffic from this user. The authentication server can be the local access device or a RADIUS server.
In either case, you must configure the ACL on the access device.
To ensure a successful ACL assignment, make sure the ACL does not contain rules that match
source MAC addresses.
To change the access control criteria for the user, you can use one of the following methods:
• Modify ACL rules on the access device.
• Specify another authorization ACL on the authentication server.
For more information about ACLs, see ACL and QoS Configuration Guide.
User profile assignment
You can specify a user profile for an 802.1X user to control the user's access to network resources.
After the user passes 802.1X authentication, the authentication server assigns the user profile to the
user for filtering traffic. The authentication server can be the local access device or a RADIUS server.
In either case, you must configure the user profile on the access device.
To change the user's access permissions, you can use one of the following methods:
• Modify the user profile configuration on the access device.
• Specify another user profile for the user on the authentication server.
For more information about user profiles, see "Configuring user profiles."
EAD assistant
Endpoint Admission Defense (EAD) is an HPE integrated endpoint access control solution to
improve the threat defensive capability of a network. The solution enables the security client, security
policy server, access device, and third-party server to operate together. If a terminal device seeks to
access an EAD network, it must have an EAD client, which performs 802.1X authentication.
EAD assistant enables the access device to redirect a user who is seeking to access the network to
download and install an EAD client. This feature eliminates the administrative task to deploy EAD
clients.
The EAD assistant feature is implemented by the following functionalities:
• Free IP.
A free IP is a freely accessible network segment, which has a limited set of network resources
such as software and DHCP servers. To ensure security strategy compliance, an
unauthenticated user can access only this segment to perform operations. For example, the
user can download EAD client from a software server or obtain a dynamic IP address from a
DHCP server.
• Redirect URL.
If an unauthenticated 802.1X user is using a Web browser to access the network, the EAD
assistant feature redirects the user to a specific URL. For example, you can use this feature to
redirect the user to the EAD client software download page.
The EAD assistant feature automatically creates an ACL-based EAD rule to open access to the
redirect URL for each redirected user.
To Next Page
Loading...
Need help?
General