
HP A 5120 Manual

Here you can view all the pages of manual HP A 5120 Manual. The HP manuals for Switch are available online for free. You can easily download all the documents as PDF.

Page 141

 
• Upon receiving an HTTP packet from a terminal, the access port performs portal authentication on the terminal.

If a terminal triggers different types of authentication, the authentications are processed at the same time. A failure of one type of authentication does not affect the others. When a terminal passes one type of authentication, the other types of authentication being performed are terminated. Then, whether the other types of authentication can be...

Page 142

 
| To do… | Use the command… | Remarks |
|---|---|---|
| Configure MAC authentication | See the chapter "MAC authentication configuration" | Configure at least one type of authentication |
| Configure Layer-2 portal authentication | See the chapter "Portal configuration" | Configure at least one type of authentication |

NOTE:
802.1X authentication must use MAC-based access control.

Triple authentication configuration examples

Triple authentication basic function configuration example

Network requirements

As shown in Figure 45, the terminals are connected to...

Page 143

 
NOTE:
• Make sure that the terminals, the server, and the switch can reach each other.
• The host of the web user must have a route to the listening IP address of the local portal server.
• Complete the configuration on the RADIUS server and make sure the authentication, authorization, and accounting functions work normally. In this example, configure on the RADIUS server an 802.1X user (with username userdot), a portal user (with username userpt), and a MAC authentication user (with a...

Page 144

 
[Switch-radius-rs1] server-type extended 
# Specify the primary authentication and accounting servers and keys. 
[Switch-radius-rs1] primary authentication 1.1.1.2 
[Switch-radius-rs1] primary accounting 1.1.1.2 
[Switch-radius-rs1] key authentication radius 
[Switch-radius-rs1] key accounting radius 
# Specify usernames sent to the RADIUS server to carry no domain names. 
[Switch-radius-rs1] user-name-format without-domain 
[Switch-radius-rs1] quit 
5. Configure an ISP domain. 
# Create an ISP...

Page 145

 
Triple authentication supporting VLAN assignment and Auth-Fail VLAN configuration example

Network requirement

As shown in Figure 46, the terminals are connected to a switch to access the IP network. It is required to configure triple authentication on the Layer-2 interface of the switch which connects to the terminals, so that a terminal passing one of the three authentication methods, 802.1X authentication, portal authentication, and MAC authentication,...

Page 146

 
NOTE:
• Make sure that the terminals, the servers, and the switch can reach each other.
• When using an external DHCP server, ensure that the terminals can get IP addresses from the server before and after authentication.
• Complete the configuration on the RADIUS server, and make sure the authentication, authorization, and accounting functions work normally. In this example, configure on the RADIUS server an 802.1X user (with username userdot), a portal user (with username userpt), a MAC...

Page 147

 
[Switch-dhcp-pool-3] network 3.3.3.0 mask 255.255.255.0 
[Switch-dhcp-pool-3] expired day 0 hour 0 minute 1 
[Switch-dhcp-pool-3] gateway-list 3.3.3.1 
[Switch-dhcp-pool-3] quit 
# Configure IP address pool 4, and bind the printer MAC address 0015-e9a6-7cfe to the IP address 3.3.3.111/24 in this address pool.
[Switch] dhcp server ip-pool 4 
[Switch-dhcp-pool-4] static-bind ip-address 3.3.3.111 mask 255.255.255.0 
[Switch-dhcp-pool-4] static-bind mac-address 0015-e9a6-7cfe...

Page 148

 
# Enable MAC authentication on GigabitEthernet 1/0/1, and specify VLAN 2 as the Auth-Fail VLAN.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] mac-authentication
[Switch-GigabitEthernet1/0/1] mac-authentication guest-vlan 2
[Switch-GigabitEthernet1/0/1] quit
5. Configure a RADIUS scheme. 
# Create a RADIUS scheme named rs1. 
[Switch] radius scheme rs1 
# Specify the server type for the RADIUS scheme, which must be extended when the iMC server is used....

Page 149

 
 IP=3.3.3.2 
 IPv6=N/A 
 MAC=0002-0002-0001 
Index=32  , Username=001588f80dd7@triple 
 IP=N/A 
 IPv6=N/A 
 MAC=0015-88f8-0dd7 
 
 Total 3 connection(s) matched on slot 1. 
 Total 3 connection(s) matched. 
Use the display mac-vlan all command to view the MAC-VLAN entries of online users. VLAN 3 is the authorized VLAN.
[Switch] display mac-vlan all 
  The following MAC VLAN addresses exist: 
  S:Static  D:Dynamic 
  MAC ADDR         MASK             VLAN ID   PRIO   STATE...

Page 150

 
Port security configuration

Port security overview

Port security is a MAC address-based security mechanism for network access control. It is an extension to the existing 802.1X authentication and MAC authentication. It prevents unauthorized devices from accessing the network by checking the source MAC address of inbound traffic, and prevents access to unauthorized devices by checking the destination MAC address of outbound traffic.

Port security enables you to control MAC address learning and...