How 802.1X Authentication Affects Vlan Operation; Static Vlan Requirement - HP procurve switch 2650 Access Security Manual

Configuring Port-Based Access Control (802.1x)

How 802.1x Authentication Affects VLAN Operation

Note on Supplicant Statistics. For each port configured as a supplicant,
show port-access supplicant statistics [e] < port-list >] displays the source MAC
address and statistics for transactions with the authenticator device most
recently detected on the port. If the link between the supplicant port and the
authenticator device fails, the supplicant port continues to show data from
the connection to the most recent authenticator device until one of the
following occurs:

The supplicant port detects a different authenticator device

You use the aaa port-access supplicant [ e ] < port-list > clear-statistics command to clear the statistics for the supplicant port

The switch reboots

Thus, if the supplicant's link to the authenticator fails, the supplicant retains
the most recent transaction statistics until one of the above events occurs.
Also, if you move a link with an authenticator from one supplicant port to
another without clearing the statistics data from the first port, the
authenticator's MAC address will appear in the supplicant statistics for both ports.

How 802.1x Authentication Affects VLAN Operation

RADIUS authentication for an 802.1x client on a given port can include a
(static) VLAN requirement. (Refer to the documentation provided with your
RADIUS application.)

Static VLAN Requirement

The static VLAN to which a client is assigned must already exist on the switch.
If it does not exist or is a dynamic VLAN (created by GVRP), authentication
fails. Also, for the session to proceed, the port must be an untagged member
of the required VLAN. If it is not, the switch temporarily reassigns the port as
described below.
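
The rules in this section can be checked before rollout by comparing the VLANs the RADIUS server is set to return against the switch's VLAN inventory. The Python below is an added example, not part of the HP manual or the switch software; the inventory model, function names, client names, port numbers and VLAN IDs are all constructed for illustration.

```python
from dataclasses import dataclass, field

FAIL_MISSING = "auth fails: VLAN does not exist on the switch"
FAIL_DYNAMIC = "auth fails: VLAN is dynamic (created by GVRP)"
OK_MEMBER = "proceeds: port is already an untagged member"
OK_TEMP = "proceeds: port temporarily reassigned as untagged member"

@dataclass
class Vlan:
    vid: int
    dynamic: bool = False                 # True if the VLAN was created by GVRP
    untagged_ports: set = field(default_factory=set)

def predict(vlans, port, radius_vid):
    """Outcome of an 802.1x session on `port` when RADIUS requires `radius_vid`."""
    vlan = vlans.get(radius_vid)
    if vlan is None:
        return FAIL_MISSING               # required VLAN must already exist
    if vlan.dynamic:
        return FAIL_DYNAMIC               # and it must be static, not GVRP-learned
    # Static VLAN exists: the port is either already untagged in it, or the
    # switch makes it an untagged member for the duration of the session.
    return OK_MEMBER if port in vlan.untagged_ports else OK_TEMP

def audit(vlans, assignments):
    """Return (client, port, vid, outcome) for each planned RADIUS assignment."""
    return [(c, p, v, predict(vlans, p, v)) for c, p, v in assignments]

def failures(report):
    """Rows whose RADIUS VLAN requirement would make authentication fail."""
    return [row for row in report if row[3].startswith("auth fails")]

# Constructed switch inventory: VLAN ID -> static/dynamic flag and untagged ports.
SWITCH_VLANS = {
    1: Vlan(1, untagged_ports={1, 2, 3, 4}),
    20: Vlan(20, untagged_ports={5}),
    30: Vlan(30, dynamic=True),
}
# Constructed RADIUS plan: (client, port the client connects to, required VLAN).
RADIUS_PLAN = [("alice", 5, 20), ("bob", 2, 20), ("carol", 3, 30), ("dave", 4, 40)]

if __name__ == "__main__":
    for client, port, vid, outcome in audit(SWITCH_VLANS, RADIUS_PLAN):
        print(f"{client:6} port {port} -> VLAN {vid}: {outcome}")
```
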
If the Port Used by the Client Is Not Configured as an Untagged
Member of the Required Static VLAN: When a client is authenticated on
port "N", if port "N" is not already configured as an untagged member of the
static VLAN specified by the RADIUS server, then the switch temporarily
assigns port "N" as an untagged member of the required VLAN (for the duration
of the 802.1x session). At the same time, if port "N" is already configured as