HP (Hewlett-Packard) 2650 (J4899A/B) ユーザーズマニュアル

ページ / 306
3-4
Web and MAC Authentication for the Series 2600/2600-PWR and 2800 Switches
Overview
General Features
Web and MAC Authentication on the ProCurve Series 2600, 2600-PWR, and 
2800 switches  include the following:
On a port configured for Web or MAC Authentication, the switch 
operates as a port-access authenticator using a RADIUS server and 
the CHAP protocol. Inbound traffic is processed by the switch alone, 
until authentication occurs. Some traffic from the switch is available 
to an unauthorized client (for example, broadcast or unknown desti-
nation packets) before authentication occurs.
Proxy servers may not be used by browsers accessing the switch 
through ports using Web Authentication.
You can optionally configure the switch to temporarily assign “autho-
rized” and “unauthorized” VLAN memberships on a per-port basis to 
provide different services and access to authenticated and unauthen-
ticated clients. 
Web pages for username and password entry and the display of 
authorization status are provided when using Web Authentication.
You can use the RADIUS server to temporarily assign a port to a static 
VLAN to support an authenticated client. When a RADIUS server 
authenticates a client, the switch-port membership during the client’s 
connection is determined according to the following hierarchy:
1.
A RADIUS-assigned VLAN
2.
An authorized VLAN specified in the Web- or MAC-Auth configuration 
for the subject port.
3.
A static, port-based, untagged VLAN to which the port is configured. 
A RADIUS-assigned VLAN has priority over switch-port membership 
in any VLAN.
You can allow wireless clients to move between switch ports under 
Web/MAC Authentication control. Clients may move from one Web 
authorized port to another or from one MAC authorized port to 
another. This capability allows wireless clients to move from one 
access point to another without having to reauthenticate.
Unlike 802.1X operation, clients do not need supplicant software for 
Web or MAC Authentication; only a web browser (for Web Authenti-
cation) or a MAC address (for MAC Authentication).
You can use “Show” commands to display session status and port-
access configuration settings.