HP FlexFabric 5700 Series Security Configuration Manual page 84
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (63 pages) ,
- Configuration manual (132 pages)
Table of Contents
Advertisement
VLAN ID with suffix.
The suffix can be t or u, which indicates whether the ports assigned to the VLAN are tagged
members. For example, 2u indicates that the ports assigned to VLAN 2 are untagged
members.
NOTE:
The access device converts VLAN names and VLAN group name into VLAN IDs before VLAN
assignment.
Unsupported VLAN types
Do not specify the following types of VLANs for VLAN authorization. The access device does not assign
these VLANs to 802.1X users.
VLANs that have not been created.
•
Dynamically-learned VLANs.
•
•
Reserved VLANs.
Private VLANs.
•
VLAN selection and assignment
If the server assigns a group of VLANs, the access device selects and assigns a VLAN according to the
VLAN ID format.
VLANs.
Table 5 VLAN selection and assignment for a group of authorization VLANs
Types of authorized VLANs
•
VLANs by IDs
•
VLANs by names
•
VLAN group name
VLAN IDs with suffixes
NOTE:
Assign VLAN IDs with suffixes only to hybrid or trunk ports that perform port-based access control.
Table 5
describes the VLAN selection and assignment rules for a group of authorization
VLAN selection and assignment rules
The device selects a VLAN as the authorization VLAN for a user,
depending on whether the port has other online users:
•
If the port does not have other online users, the device selects the VLAN
with the lowest ID from the group of VLANs.
•
If the port has other online users, the device selects the VLAN by using
the following process:
a.
b.
The device follows the rules in
4.
The device selects the leftmost VLAN ID without a suffix, or the leftmost
VLAN ID suffixed by u as an untagged VLAN, whichever is more
leftmost.
5.
The device assigns the untagged VLAN to the port as the PVID, and it
assigns the remaining as tagged VLANs. If no untagged VLAN is
assigned, the PVID of the port does not change. The port permits traffic
from these tagged and untagged VLANs to pass through.
For example, the authentication server sends the string 1u 2t 3 to the access
device for a user. The device assigns VLAN 1 as an untagged VLAN and
other VLANs as tagged VLANs. VLAN 1 becomes the PVID.
The device selects the VLAN that has the fewest number of online
users.
If two VLANs have the same number of online 802.1X users, the
device selects the VLAN with the lower ID.
Table 6
72
to handle VLAN assignment.
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
