HP 1920 Gigabit Ethernet Switch Series User Manual page 343
Hp 1920 gigabit ethernet switch series
Hide thumbs
Also See for 1920 Gigabit Ethernet Switch Series:
- User manual (547 pages) ,
- Getting started manual (33 pages) ,
- Supplementary manual (63 pages)
Table of Contents
Advertisement
Authentication status
No 802.1X user has
performed authentication
within 90 seconds after
802.1X is enabled.
A user in the 802.1X guest
VLAN fails 802.1X
authentication.
A user in the 802.1X guest
VLAN passes 802.1X
authentication.
•
On a port that performs MAC-based access control:
Authentication status
A user has not passed
802.1X authentication yet.
A user in the 802.1X guest
VLAN fails 802.1X
authentication.
A user in the 802.1X guest
VLAN passes 802.1X
authentication.
To use the 802.1X guest VLAN function on a port that performs MAC-based access control, make sure the
port is a hybrid port, and enable MAC-based VLAN on the port.
The network device assigns a hybrid port to an 802.1X guest VLAN as an untagged member.
Auth-Fail VLAN
You can configure an Auth-Fail VLAN to accommodate users that have failed 802.1X authentication
because of the failure to comply with the organization security strategy, such as using a wrong password.
Users in the Auth-Fail VLAN can access a limited set of network resources, such as a software server, to
download anti-virus software and system patches.
The Auth-Fail VLAN does not accommodate 802.1X users that have failed authentication for
authentication timeouts or network connection problems. The way that the network access device
handles VLANs on the port differs by 802.1X access control mode.
On a port that performs port-based access control:
•
VLAN manipulation
The device assigns the 802.1X guest VLAN to the port as the PVID. All
802.1X users on this port can access only resources in the guest VLAN.
If no 802.1X guest VLAN is configured, the access device does not
perform any VLAN operation.
If an 802.1X Auth-Fail VLAN (see
device assigns the Auth-Fail VLAN to the port as the PVID. All users on this
port can access only resources in the Auth-Fail VLAN.
If no Auth-Fail VLAN is configured, the PVID on the port is still the 802.1X
guest VLAN. All users on the port are in the guest VLAN.
•
The device assigns the VLAN specified for the user to the port as the
PVID, and removes the port from the 802.1X guest VLAN. After the
user logs off, the user configured PVID restores.
•
If the authentication server assigns no VLAN, the user configured PVID
applies. The user and all subsequent 802.1X users are assigned to the
user-configured PVID. After the user logs off, the PVID remains
unchanged.
VLAN manipulation
The device creates a mapping between the MAC address of the user and
the 802.1X guest VLAN. The user can access resources in the guest
VLAN.
If an 802.1X Auth-Fail VLAN is available, the device remaps the MAC
address of the user to the Auth-Fail VLAN. The user can access only
resources in the Auth-Fail VLAN.
If no 802.1X Auth-Fail VLAN is configured, the user is still in the guest
VLAN.
The device remaps the MAC address of the user to the authorized VLAN.
If the authentication server assigns no authorized VLAN, the device
remaps the MAC address of the user to the initial PVID on the port.
330
"Auth-Fail
VLAN") is available, the
Hide quick links:
Advertisement
Table of Contents
