Operating Notes - HP ProCurve Series 3400cl Release Notes
Procurve series
Hide thumbs
Also See for ProCurve Series 3400cl:
- Management manual (664 pages) ,
- Management and configuration manual (508 pages) ,
- Access security manual (404 pages)
Table of Contents
Advertisement
The port is temporarily assigned as a member of an untagged (static or dynamic) VLAN for use
■
during the client session according to the following order of options.
a.
The port joins the VLAN to which it has been assigned by a RADIUS server during client
authentication.
b. If RADIUS authentication does not include assigning the port to a VLAN, then the switch
assigns the port to the authorized-client VLAN configured for the authentication method.
c.
If the port does not have an authorized-client VLAN configured, but is configured for
membership in an untagged VLAN, the switch assigns the port to this untagged VLAN.
Operating Notes
During client authentication, a port assigned to a VLAN by a RADIUS server or an authorized-
■
client VLAN configuration is an untagged member of the VLAN for the duration of the authenti-
cated session. This applies even if the port is also configured in the switch as a tagged member
of the same VLAN. The following restrictions apply:
•
If the port is assigned as a member of an untagged static VLAN, the VLAN must already be
configured on the switch. If the static VLAN configuration does not exist, the authentication
fails.
•
If the port is assigned as a member of an untagged dynamic VLAN that was learned through
GVRP, the dynamic VLAN configuration must exist on the switch at the time of authentication
and GVRP-learned dynamic VLANs for port-access authentication must be enabled
If the dynamic VLAN does not exist or if you have not enabled the use of a dynamic VLAN
for authentication sessions on the switch, the authentication fails.
To enable the use of a GVRP-learned (dynamic) VLAN as the untagged VLAN used in an
■
authentication session, enter the aaa port-access gvrp-vlans command.
■
Enabling the use of dynamic VLANs in an authentication session offers the following benefits:
•
You avoid the need of having static VLANs pre-configured on the switch.
•
You can centralize the administration of user accounts (including user VLAN IDs) on a
RADIUS server.
For information on how to enable the switch to dynamically create 802.1Q-compliant VLANs on
links to other devices using the GARP VLAN Registration Protocol (GVRP), refer to the "GVRP"
chapter in the Advanced Traffic Management Guide.
For an authentication session to proceed, a ProCurve port must be an untagged member of the
■
(static or dynamic) VLAN assigned by the RADIUS server (or an authorized-client VLAN config-
uration). The port temporarily drops any current untagged VLAN membership.
If the port is not already a member of the RADIUS-assigned (static or dynamic) untagged VLAN,
the switch temporarily reassigns the port as an untagged member of the required VLAN (for the
duration of the session). At the same time, if the ProCurve port is already configured as an
untagged member of a different VLAN, the port loses access to the other VLAN for the duration
of the session. (A port can be an untagged member of only one VLAN at a time.)
Enhancements
Release M.10.33 Enhancements
103
Advertisement
Table of Contents
