Characteristics Of Mixed Port Access Mode - HP 3500yl Series Access Security Manual

Switch software

Configuring Port-Based and User-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Note
have access to the insecure guest VLAN (unauthenticated VLAN) that has been
configured for 802.1X or Web/MAC authentication. 802.1X and Web/MAC
authentication normally do not allow authenticated clients (the phone) and
unauthenticated clients (the PC) on the same port, unless MAC-based VLANs
are enabled (see "MAC-Based VLANs" on page 6-51).
Mixed port access mode allows 802.1X and Web/MAC authenticated and
unauthenticated clients on the same port when the guest VLAN is the same as
the port's current untagged authenticated VLAN for authenticated clients, or
when none of the authenticated clients are authorized on the untagged
authenticated VLAN. Instead of having just one client per port, multiple
clients can use the guest VLAN.
Authenticated clients always have precedence over guests (unauthenticated
clients) if access to a client's untagged VLAN requires removal of a guest VLAN
from the port. If an authenticated client becomes authorized on its untagged
VLAN as the result of initial authentication or because of an untagged packet
from the client, then all 802.1X or Web/MAC authenticated guests are removed
from the port and the port becomes an untagged member of the client's
untagged VLAN.

Characteristics of Mixed Port Access Mode

- The port keeps tagged VLAN assignments continuously.
- The port sends broadcast traffic from the VLANs even when there are only
  guests authorized on the port.
- Guests cannot be authorized on any tagged VLANs.
- Guests can use the same bandwidth, rate limits and QoS settings that may
  be assigned for authenticated clients on the port (via RADIUS attributes).
- When no authenticated clients are authorized on the untagged authenticated
  VLAN, the port becomes an untagged member of the guest VLAN for as long as
  no untagged packets are received from any authenticated clients on the port.
- New guest authorizations are not allowed on the port if at least one
  authenticated client is authorized on its untagged VLAN and the guest
  VLAN is not the same as the authenticated client's untagged VLAN.
- If you disable mixed port access mode, this does not automatically remove
  guests that have already been authorized on a port where an authenticated
  client exists. New guests are not allowed after the change, but the existing
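
The guest admission and eviction rules described above, as an added Python model for reasoning about which clients share a port; it is not code from the HP manual or the switch software. The class and method names are hypothetical, and it assumes all clients authorized untagged on one port share a single VLAN.

```python
from dataclasses import dataclass, field

@dataclass
class MixedPort:
    """Toy model of one switch port; names are hypothetical, not switch CLI or API."""
    guest_vlan: int
    mixed: bool = True
    auth: dict = field(default_factory=dict)   # MAC -> untagged VLAN, or None if tagged-only
    guests: set = field(default_factory=set)

    def untagged_vlan(self):
        # Assumption: clients authorized untagged on one port share a single VLAN.
        held = [v for v in self.auth.values() if v is not None]
        return held[0] if held else self.guest_vlan

    def admit_guest(self, mac):
        if self.auth and not self.mixed:
            return False      # without mixed mode, guests cannot join authenticated clients
        if self.untagged_vlan() != self.guest_vlan:
            return False      # an authenticated client holds a different untagged VLAN
        self.guests.add(mac)
        return True

    def authorize_client(self, mac, untagged_vlan=None):
        """Record an authenticated client; return the set of guests it evicts."""
        self.auth[mac] = untagged_vlan
        if untagged_vlan is None or untagged_vlan == self.guest_vlan:
            return set()      # tagged-only client, or same VLAN as guests: nobody removed
        evicted, self.guests = self.guests, set()
        return evicted        # authenticated clients take precedence over guests

    def disable_mixed(self):
        self.mixed = False    # existing guests stay; only new guests are refused
```

When auditing a port, the case to look for is the last one: guests admitted before mixed mode was disabled remain on the port alongside the authenticated client.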
