HP ProCurve 3500yl Release Notes

Software version k.13.49

Enhancements
Release K.12.05 Enhancements
Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions
Syntax:
aaa port-access gvrp-vlans
Enables the use of dynamic VLANs (learned through GVRP) in the temporary
untagged VLAN assigned by a RADIUS server on an authenticated port in an
802.1X, MAC, or Web authentication session.
Enter the no form of this command to disable the use of GVRP-learned VLANs in
an authentication session.
For information on how to enable a switch to dynamically create
802.1Q-compliant VLANs, refer to the "GVRP" chapter in the Access Security
Guide.
Notes:
1. If a port is assigned as a member of an untagged dynamic VLAN, the dynamic
VLAN configuration must exist at the time of authentication and GVRP for
port-access authentication must be enabled on the switch.
If the dynamic VLAN does not exist or if you have not enabled the use of a dynamic
VLAN for authentication sessions on the switch, the authentication fails.
2. After you enable dynamic VLAN assignment in an authentication session, it
is recommended that you use the interface unknown-vlans command on a per-port
basis to prevent denial-of-service attacks. The interface unknown-vlans command
allows you to:
• Disable the port from sending advertisements of existing GVRP-created VLANs
on the switch.
• Drop all GVRP advertisements received on the port.
For more information, refer to the "GVRP" chapter in the Advanced Traffic
Management Guide.
3. If you disable the use of dynamic VLANs in an authentication session using
the no aaa port-access gvrp-vlans command, client sessions that were authenticated
with a dynamic VLAN continue and are not deauthenticated.
(This behavior differs from how static VLAN assignment is handled in an
authentication session. If you remove the configuration of the static VLAN used
to create a temporary client session, the 802.1X, MAC, or Web authenticated client
is deauthenticated.)
However, if a RADIUS-configured dynamic VLAN used for an authentication
session is deleted from the switch through normal GVRP operation (for example,
if no GVRP advertisements for the VLAN are received on any switch port),
authenticated clients using this VLAN are deauthenticated.
For information on how static and dynamic VLANs are assigned in a
RADIUS-based 802.1X, MAC, or Web authentication session, refer to the "How
RADIUS-Based Authentication Affects VLAN Operation" section in the "RADIUS
Authentication and Accounting" chapter of the Access Security Guide.
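As a check for Note 2, the following added example (not part of the release notes and not HP code) audits a saved running-config for authenticated ports that still process GVRP advertisements while aaa port-access gvrp-vlans is enabled. It assumes numeric port names, the config line forms shown in the constructed sample, and that the disable option of interface unknown-vlans is the setting that both stops sending and drops received advertisements.

```python
import re

# Constructed running-config excerpt for illustration (not from the release notes).
SAMPLE_CONFIG = """\
gvrp
aaa port-access gvrp-vlans
aaa port-access authenticator 1-4
aaa port-access authenticator active
aaa port-access mac-based 6
interface 1 unknown-vlans disable
interface 2
   unknown-vlans disable
   exit
interface 3 unknown-vlans block
"""

AUTH_RE = re.compile(r"aaa port-access (?:authenticator|mac-based|web-based) ([\d,-]+)")
IFACE_RE = re.compile(r"interface ([\d,-]+)(.*)")

def expand_ports(spec):
    """Expand a numeric port list such as '1-4,7' into a set of port names."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(str(n) for n in range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return authenticated ports that still process GVRP advertisements."""
    gvrp_vlans, auth_ports, hardened, context = False, set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if line == "aaa port-access gvrp-vlans":
            gvrp_vlans = True
        if m := AUTH_RE.fullmatch(line):
            auth_ports |= expand_ports(m.group(1))
        if m := IFACE_RE.fullmatch(line):
            # One-line form, or the start of an interface context block.
            context, line = expand_ports(m.group(1)), m.group(2).strip()
        elif line == "exit":
            context = set()
        if line == "unknown-vlans disable":  # assumed to be the hardened setting
            hardened |= context
    # Note 2 only applies once dynamic VLANs are allowed in auth sessions.
    exposed = auth_ports - hardened if gvrp_vlans else set()
    return sorted(exposed, key=int)
```

Calling audit(SAMPLE_CONFIG) lists the ports that should receive the per-port unknown-vlans setting before dynamic VLAN assignment is relied on.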

This manual is also suitable for:

ProCurve 8212zl, ProCurve 5400zl, 6200yl