HP 1920-8G Switch User's Manual | Page 10

HP Switch User's Manual - 1920-8G Switch.
Download
Page  of 547
4.6, 1201 votes
background image

viii 

Configuring 802.1X ··············································································································································· 321 

802.1X overview ························································································································································· 321 

802.1X architecture ············································································································································ 321 

Access control methods ······································································································································ 321 

Controlled/uncontrolled port and port authorization status ··········································································· 322 
Packet formats ······················································································································································ 322 

EAP over RADIUS ················································································································································ 323 

Initiating 802.1X authentication ························································································································ 324 

802.1X authentication procedures ···················································································································· 325 
802.1X timers ······················································································································································ 328 

Using 802.1X authentication with other features ···························································································· 329 

Configuration prerequisites ········································································································································· 331 

Recommended configuration procedure···················································································································· 332 
Configuring 802.1X globally ····································································································································· 332 

Configuring 802.1X on a port ··································································································································· 333 

Configuring an 802.1X guest VLAN ················································································································· 335 
Configuring an Auth-Fail VLAN ························································································································· 336 

802.1X configuration examples ································································································································· 336 

MAC-based 802.1X configuration example ···································································································· 336 

802.X with ACL assignment configuration example ······················································································· 343 

Configuring AAA ···················································································································································· 352 

Overview ······································································································································································· 352 

AAA application ·················································································································································· 352 

Domain-based user management ······················································································································ 353 

Configuration prerequisites ········································································································································· 353 

Recommended configuration procedure ··········································································································· 353 

Configuring an ISP domain ································································································································ 354 
Configuring authentication methods for the ISP domain ················································································· 355 

Configuring authorization methods for the ISP domain ·················································································· 356 

Configuring accounting methods for the ISP domain ······················································································ 357 

AAA configuration example ······································································································································· 359 

Configuring RADIUS ··············································································································································· 363 

Overview ······································································································································································· 363 

Client/server model ············································································································································ 363 

Security and authentication mechanisms ·········································································································· 364 
Basic RADIUS message exchange process ······································································································ 364 

RADIUS packet format ········································································································································ 365 

Extended RADIUS attributes ······························································································································· 367 
Protocols and standards ····································································································································· 368 

Configuring a RADIUS scheme ··································································································································· 368 

Configuring common parameters ······················································································································ 369 

Adding RADIUS servers ······································································································································ 373 

RADIUS configuration example ·································································································································· 374 

Configuration guidelines ············································································································································· 378 

Configuring users ···················································································································································· 380 

Configuring a local user ·············································································································································· 380 
Configuring a user group ············································································································································ 382 

Managing certificates ············································································································································· 384 

Overview ······································································································································································· 384 

PKI terms ······························································································································································· 384 

PKI architecture ···················································································································································· 384 

How PKI works ····················································································································································· 385 

0.586791s