HP ProCurve 2510G Series Manual page 206

Configuring Port-Based and Client-Based Access Control (802.1X)
Terminology
8-8
EAPOL: Extensible Authentication Protocol Over LAN,
802.1X standard
Friendly Client: A client that does not pose a security risk if given access to
the switch and your network.
MD5: An algorithm for calculating a unique digital signature over a stream of
bytes. It is used by CHAP to perform authentication without revealing the
shared secret (password).
PVID (Port VID): This is the VLAN ID for the untagged VLAN to which an
802.1X port belongs.
Port-Based Authentication: In this operation, the first client on a port to
authenticate itself unblocks the port for the duration of the client's 802.1X-
authenticated session. The switches covered in this guide use port-based
authentication.
Static VLAN: A VLAN that has been configured as "permanent" on the switch
by using the CLI vlan < vid > command or the Menu interface.
Supplicant: The entity that must provide the proper credentials to the switch
before receiving access to the network. This is usually an end-user work-
station, but it can be a switch, router, or another device seeking network
services.
Tagged Membership in a VLAN: This type of VLAN membership allows a
port to be a member of multiple VLANs simultaneously. If a client
connected to the port has an operating system that supports 802.1Q VLAN
tagging, then the client can access VLANs for which the port is a tagged
member. If the client does not support VLAN tagging, then it can access
only a VLAN for which the port is an untagged member. (A port can be an
untagged member of only one port-based VLAN at a time.) Where a port
is a tagged member of a VLAN, 802.1X Open VLAN mode does not affect
the port's access to the VLAN unless the port is statically configured as a
member of a VLAN that is also configured as the Unauthorized-Client or
Authorized-Client VLAN. See also "Untagged Membership in a VLAN".
Unauthorized-Client VLAN: A conventional, static VLAN statically config-
ured on the switch. It is used to provide access to a client prior to
authentication, and is sometimes termed a guest VLAN. It should be set
up to allow an unauthenticated client to access only the initialization
services necessary to establish an authenticated connection, plus any
other desirable services whose use by an unauthenticated client poses no
security threat to your network. (Note that an unauthenticated client has
access to all network resources that have membership in the VLAN you
.
as defined in the