HP ProCurve J8766A Release Note page 87

For the procurve series 4200vl switches

Hide thumbs Also See for ProCurve J8766A:

Read me first (4 pages)

Quick reference manual (44 pages)

Installation manual (48 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

page of 124

/ 124
Contents
Table of Contents
Bookmarks

Table of Contents

For information on how to enable the switch to dynamically create 802.1Q-compliant VLANs on

links to other devices using the GARP VLAN Registration Protocol (GVRP), refer to the "GVRP"

chapter in the Advanced Traffic Management Guide.

For an authentication session to proceed, a ProCurve port must be an untagged member of

■

the (static or dynamic) VLAN assigned by the RADIUS server (or an authorized-client VLAN

configuration). The port temporarily drops any current untagged VLAN membership.

If the port is not already a member of the RADIUS-assigned (static or dynamic) untagged VLAN,

the switch temporarily reassigns the port as an untagged member of the required VLAN (for the

duration of the session). At the same time, if the ProCurve port is already configured as an

untagged member of a different VLAN, the port loses access to the other VLAN for the duration

of the session. (A port can be an untagged member of only one VLAN at a time.)

When the authentication session ends, the switch removes the temporary untagged VLAN

assignment and re-activates the temporarily disabled, untagged VLAN assignment.

If GVRP is already enabled on the switch, the temporary untagged (static or dynamic) VLAN

■

created on the port for the authentication session is advertised as an existing VLAN.

If this temporary VLAN assignment causes the switch to disable a different untagged static or

dynamic VLAN configured on the port, the disabled VLAN assignment is not advertised. When

the authentication session ends, the switch:

•

Removes the temporary untagged VLAN assignment and stops advertising it.

•

Re-activates and resumes advertising the temporarily disabled, untagged VLAN assign-

ment.

If you modify a VLAN ID configuration on a port during an 802.1X, MAC, or Web

■

authentication session, the changes do not take effect until the session ends.

■

When a switch port is configured with RADIUS-based authentication to accept multiple

802.1X and/or MAC or Web authentication client sessions, all authenticated clients must use

the same port-based, untagged VLAN membership assigned for the earliest, currently active

client session.

Therefore, on a port where one or more authenticated client sessions are already running, all

such clients are on the same untagged VLAN. If a RADIUS server subsequently authenticates a

new client, but attempts to re-assign the port to a different, untagged VLAN than the one already

in use for the previously existing, authenticated client sessions, the connection for the new client

will fail. For more on this topic, refer to "802.1X Open VLAN Mode" in the "Configuring Port-

Based and Client-Based Access Control (802.1X)" chapter in the Access Security Guide.

Enhancements

Release L.11.08 Enhancements

Table of Contents

Show Quick Links

Quick Links:
Rebooting and Reloading the Switch

Hide quick links:

Table of Contents

This manual is also suitable for:

Procurve 4200vl L.11.09

HP ProCurve J8766A Release Note page 87

Hide quick links:

Related Manuals for HP ProCurve J8766A

Related Products for HP ProCurve J8766A

This manual is also suitable for:

Table of Contents