Table 106 Relationships of the 802.1X guest VLAN and other security features

| Feature | Relationship description |
|---|---|
| MAC authentication guest VLAN on a port that performs MAC-based access control | Only the 802.1X guest VLAN takes effect. A user that fails MAC authentication will not be assigned to the MAC authentication guest VLAN. |
| 802.1X Auth-Fail VLAN on a port that performs MAC-based access control | The 802.1X Auth-Fail VLAN has a higher priority. |
| Port intrusion protection on a port that performs MAC-based access control | The 802.1X guest VLAN function has higher priority than the block MAC action, but it has lower priority than the shutdown port action of the port intrusion protection feature. |

Configuring an Auth-Fail VLAN

Configuration prerequisites

Create the VLAN to be specified as the 802.1X Auth-Fail VLAN.

If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid port, enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an untagged member.

Configuration guidelines

The 802.1X Auth-Fail VLANs on different ports can be different.

Assign different IDs to the port VLAN and the 802.1X Auth-Fail VLAN on a port, so the port can correctly process VLAN tagged incoming traffic.

Use Table 107 when configuring multiple security features on a port.

Table 107 Relationships of the 802.1X Auth-Fail VLAN with other features

| Feature | Relationship description |
|---|---|
| MAC authentication guest VLAN on a port that performs MAC-based access control | The 802.1X Auth-Fail VLAN has a high priority. |
| Port intrusion protection on a port that performs MAC-based access control | The 802.1X Auth-Fail VLAN function has higher priority than the block MAC action, but it has lower priority than the shutdown port action of the port intrusion protection feature. |

802.1X configuration examples

MAC-based 802.1X configuration example

Network requirements

As shown in Figure 311, the access device performs 802.1X authentication for users that connect to port GigabitEthernet 1/0/1. Implement MAC-based access control on the port, so the logoff of one user does not affect other online 802.1X users. Enable periodic re-authentication of online users on the port, so that the server can periodically update the authorization information of the users.
