Example Of Untagged Vlan Assignment In A Radius-Based Authentication Session - HP ProCurve Series 3400cl Release Notes

Procurve series

Hide thumbs Also See for ProCurve Series 3400cl:

Management manual (664 pages)

Management and configuration manual (508 pages)

Access security manual (404 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

page of 197

/ 197
Contents
Table of Contents
Bookmarks

Table of Contents

Enhancements

Release M.10.33 Enhancements

When the authentication session ends, the switch removes the temporary untagged VLAN

assignment and re-activates the temporarily disabled, untagged VLAN assignment.

■

If GVRP is already enabled on the switch, the temporary untagged (static or dynamic) VLAN

created on the port for the authentication session is advertised as an existing VLAN.

If this temporary VLAN assignment causes the switch to disable a different untagged static or

dynamic VLAN configured on the port, the disabled VLAN assignment is not advertised. When

the authentication session ends, the switch:

•

Removes the temporary untagged VLAN assignment and stops advertising it.

•

Re-activates and resumes advertising the temporarily disabled, untagged VLAN assignment.

If you modify a VLAN ID configuration on a port during an 802.1X, MAC, or Web authentication

■

session, the changes do not take effect until the session ends.

■

When a switch port is configured with RADIUS-based authentication to accept multiple 802.1X

and/or MAC or Web authentication client sessions, all authenticated clients must use the same

port-based, untagged VLAN membership assigned for the earliest, currently active client session.

Therefore, on a port where one or more authenticated client sessions are already running, all

such clients are on the same untagged VLAN. If a RADIUS server subsequently authenticates a

new client, but attempts to re-assign the port to a different, untagged VLAN than the one already

in use for the previously existing, authenticated client sessions, the connection for the new client

will fail.