Home > HP > Switch > HP A 5120 Manual

HP A 5120 Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual HP A 5120 Manual. The HP manuals for Switch are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 111

    Page 111 101 Table 8 Relationships of the MAC authentication guest VLAN with other security features Feature Relationship description Reference MAC authentication quiet function The MAC authentication guest VLAN function has higher priority. A user can access any resources in the guest VLAN. MAC authentication timers Port intrusion protection The MAC authentication guest VLAN function has higher priority than the block MAC action but lower priority than the shut down port action of the port... 
     
101 
Table 8 Relationships of the MAC authentication guest VLAN with other security features 
Feature Relationship description Reference 
MAC authentication 
quiet function 
The MAC authentication guest VLAN 
function has higher priority. A user can 
access any resources in the guest VLAN.  
MAC authentication timers 
Port intrusion protection 
The MAC authentication guest VLAN 
function has higher priority than the block 
MAC action but lower priority than the shut 
down port action of the port...

    Page 112

    Page 112 102 Configuration procedure 1. Configure local MAC authentication. # Add a local user account, set both the username and password to 00-e0-fc-12-34-56, the MAC address of the user host, and enable LAN access service for the account. system-view [Device] local-user 00-e0-fc-12-34-56 [Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56 [Device-luser-00-e0-fc-12-34-56] service-type lan-access [Device-luser-00-e0-fc-12-34-56] quit # Configure ISP domain aabbcc.net, and perform... 
     
102 
Configuration procedure 
1. Configure local MAC authentication. 
# Add a local user account, set both the username and password to 00-e0-fc-12-34-56, the MAC address 
of the user host, and enable LAN access service for the account. 
 system-view 
[Device] local-user 00-e0-fc-12-34-56 
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56 
[Device-luser-00-e0-fc-12-34-56] service-type lan-access 
[Device-luser-00-e0-fc-12-34-56] quit 
# Configure ISP domain aabbcc.net, and perform...

    Page 113

    Page 113 103 Current online user number is 1 MAC Addr Authenticate state Auth Index 00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS 29 # After the user passes authentication, use the display connection command to display the online user information. display connection Index=29 ,Username=00-e0-fc-12-34-56@aabbcc.net MAC=00e0-fc12-3456 IP=N/A IPv6=N/A Total 1 connection(s) matched. RADIUS-based MAC authentication configuration example Network... 
     
103 
  Current online user number is 1 
          MAC Addr         Authenticate state           Auth Index 
          00e0-fc12-3456   MAC_AUTHENTICATOR_SUCCESS     29 
#  After  the  user passes  authentication,  use  the display connection command  to  display  the  online  user 
information. 
 display connection 
 
Index=29  ,[email protected] 
MAC=00e0-fc12-3456 
IP=N/A 
IPv6=N/A 
 Total 1 connection(s) matched. 
RADIUS-based MAC authentication configuration example 
Network...

    Page 114

    Page 114 104 [Device-radius-2000] primary authentication 10.1.1.1 1812 [Device-radius-2000] primary accounting 10.1.1.2 1813 [Device-radius-2000] key authentication abc [Device-radius-2000] key accounting abc [Device-radius-2000] user-name-format without-domain [Device-radius-2000] quit # Apply the RADIUS scheme to ISP domain 2000 for authentication, authorization, and accounting. [Device] domain 2000 [Device-isp-2000] authentication default radius-scheme 2000 [Device-isp-2000] authorization default... 
     
104 
[Device-radius-2000] primary authentication 10.1.1.1 1812 
[Device-radius-2000] primary accounting 10.1.1.2 1813 
[Device-radius-2000] key authentication abc 
[Device-radius-2000] key accounting abc 
[Device-radius-2000] user-name-format without-domain 
[Device-radius-2000] quit 
# Apply the RADIUS scheme to ISP domain 2000 for authentication, authorization, and accounting. 
[Device] domain 2000 
[Device-isp-2000] authentication default radius-scheme 2000 
[Device-isp-2000] authorization default...

    Page 115

    Page 115 105 # After the user passes authentication, use the display connection command to display the online user information. display connection Index=29 ,Username=aaa@2000 MAC=00e0-fc12-3456 IP=N/A IPv6=N/A Total 1 connection(s) matched. ACL assignment configuration example Network requirements As shown in Figure 39, a host connects to the device’s port GigabitEthernet 1/0/1, and the device performs RADIUS servers for authentication, authorization, and accounting.... 
     
105 
#  After  the  user  passes  authentication,  use  the display connection command  to  display  the  online  user 
information. 
 display connection 
 
Index=29  ,Username=aaa@2000 
MAC=00e0-fc12-3456 
IP=N/A 
IPv6=N/A 
 Total 1 connection(s) matched. 
ACL assignment configuration example 
Network requirements 
As  shown  in Figure  39,  a  host  connects to the  device’s port GigabitEthernet  1/0/1, and the  device 
performs RADIUS servers for authentication, authorization, and accounting....

    Page 116

    Page 116 106 [Sysname-radius-2000] primary authentication 10.1.1.1 1812 [Sysname-radius-2000] primary accounting 10.1.1.2 1813 [Sysname-radius-2000] key authentication abc [Sysname-radius-2000] key accounting abc [Sysname-radius-2000] user-name-format without-domain [Sysname-radius-2000] quit # Apply the RADIUS scheme to an ISP domain for authentication, authorization, and accounting. [Sysname] domain 2000 [Sysname-isp-2000] authentication default radius-scheme 2000 [Sysname-isp-2000] authorization... 
     
106 
[Sysname-radius-2000] primary authentication 10.1.1.1 1812 
[Sysname-radius-2000] primary accounting 10.1.1.2 1813 
[Sysname-radius-2000] key authentication abc 
[Sysname-radius-2000] key accounting abc 
[Sysname-radius-2000] user-name-format without-domain 
[Sysname-radius-2000] quit 
# Apply the RADIUS scheme to an ISP domain for authentication, authorization, and accounting. 
[Sysname] domain 2000 
[Sysname-isp-2000] authentication default radius-scheme 2000 
[Sysname-isp-2000] authorization...

    Page 117

    Page 117 107 Request timed out. Ping statistics for 10.0.0.1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), 
     
107 
Request timed out. 
 
Ping statistics for 10.0.0.1: 
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    Page 118

    Page 118 108 Portal configuration Portal overview Introduction to portal Portal authentication helps control access to the Internet. Portal authentication is also called ―web authentication‖. A website implementing portal authentication is called a portal website. With portal authentication, an access device redirects all users to the portal authentication page. All users can access the free services provided on the portal website; but to access the Internet, a user must pass... 
     
108 
Portal configuration 
Portal overview 
Introduction to portal 
Portal  authentication helps  control  access  to  the  Internet.  Portal  authentication is  also  called ―web 
authentication‖. A website implementing portal authentication is called a portal website. 
With portal authentication, an access device redirects all users to the portal authentication page. All users 
can  access  the  free  services  provided  on  the portal  website;  but  to  access  the  Internet, a user  must  pass...

    Page 119

    Page 119 109 Figure 40 Portal system components Authentication client An authentication client is an entity seeking access to network resources. It is typically an end-user terminal, such as a PC. The client can use a browser or a portal client software for portal authentication. Client security check is implemented through communications between the client and the security policy server. Access device An access device controls user access. It can be a... 
     
109 
Figure 40 Portal system components 
  
Authentication client 
An authentication  client  is  an  entity  seeking  access  to  network  resources.  It  is  typically  an  end-user 
terminal,  such  as  a  PC.  The client can  use  a  browser  or a  portal  client  software  for portal  authentication. 
Client  security  check is  implemented  through communications  between  the  client  and  the  security  policy 
server.  
Access device 
An access  device  controls user access.  It  can  be  a...

    Page 120

    Page 120 110 to the portal server’s web authentication homepage. For extended portal functions, authentication clients must run the portal client software. 2. On the authentication homepage/authentication dialog box, the user enters and submits the authentication information, which the portal server then transfers to the access device. 3. Upon receipt of the authentication information, the access device communicates with the authentication/accounting server for authentication and accounting. 4. After... 
     
110 
to the portal server’s web authentication homepage. For extended portal functions, authentication 
clients must run the portal client software. 
2. On the authentication homepage/authentication dialog box, the user enters and submits the 
authentication information, which the portal server then transfers to the access device.  
3. Upon receipt of the authentication information, the access device communicates with the 
authentication/accounting server for authentication and accounting.  
4. After...
    Start reading HP A 5120 Manual

    Related Manuals for HP A 5120 Manual

    All HP manuals