802.1X Open Vlan Mode; Introduction - HP ProCurve 2910al Access Security Manual

802.1X Open VLAN Mode

802.1X Authentication Commands
802.1X Supplicant Commands
802.1X Open VLAN Mode Commands
[no] aaa port-access authenticator < port-list >
[auth-vid < vlan-id >]
[unauth-vid < vlan-id >]
802.1X-Related Show Commands
RADIUS server configuration

Introduction

This section describes how to use the 802.1X Open VLAN mode to provide a
path for clients that need to acquire 802.1X supplicant software before
proceeding with the authentication process. The Open VLAN mode involves
options for configuring unauthorized-client and authorized-client VLANs on
ports configured as 802.1X authenticators.
Configuring the 802.1X Open VLAN mode on a port changes how the port
responds when it detects a new client. In earlier releases, a "friendly" client
computer not running 802.1X supplicant software could not be authenticated
on a port protected by 802.1X access security. As a result, the port would
become blocked and the client could not access the network. This prevented
the client from:
■ Acquiring IP addressing from a DHCP server
■ Downloading the 802.1X supplicant software necessary for an authenti­
cation session
The 802.1X Open VLAN mode solves this problem by temporarily suspending
the port's static VLAN memberships and placing the port in a designated
Unauthorized-Client VLAN (sometimes termed a guest VLAN). In this state
the client can proceed with initialization services, such as acquiring IP
addressing and 802.1X client software, and starting the authentication
process.
Configuring Port-Based and User-Based Access Control (802.1X)

802.1X Open VLAN Mode

page 12-19
page 12-51
page 12-45
page 12-53
pages 12-27
12-31