Configuring Port-Based and User-Based Access Control (802.1X)
802.1X Open VLAN Mode
On ports configured for port-based 802.1X access control, if multiple clients
try to authenticate on the same port, the most recently authenticated client
determines the untagged VLAN membership for that port. Clients that connect
without trying to authenticate will have access to the untagged VLAN
membership that is currently assigned to the port.
VLAN Membership Priorities
Following client authentication, an 802.1X port resumes membership in any
tagged VLANs for which it is already assigned in the switch configuration. The
port also becomes an untagged member of one VLAN according to the following
order of options:
a. 1st Priority: The port joins a VLAN to which it has been assigned by
   a RADIUS server during client authentication.
b. 2nd Priority: If RADIUS authentication does not include assigning
   the port to a VLAN, then the switch assigns the port to the VLAN
   entered in the port’s 802.1X configuration as an Authorized-Client
   VLAN, if configured.
c. 3rd Priority: If the port does not have an Authorized-Client VLAN
   configured, but does have a static, untagged VLAN membership in its
   configuration, then the switch assigns the port to this VLAN.
A port assigned to a VLAN by an Authorized-Client VLAN configuration
(or a RADIUS server) will be an untagged member of the VLAN for the
duration of the authenticated session. This applies even if the port is also
configured in the switch as a tagged member of the same VLAN.
Note
After client authentication, the port resumes membership in any tagged
VLANs for which it is configured. If the port is a tagged member of a VLAN
used for 1 or 2 listed above, then it also operates as an untagged member of
that VLAN while the client is connected. When the client disconnects, the port
reverts to tagged membership in the VLAN.
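The priority order and the Note above can be modelled as a small resolver, which is useful when auditing which VLAN a port will actually land in. This is an added example, not code from the guide or from the switch software; the class, field and function names are hypothetical, and the sample port values are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class PortConfig:
    """Static 802.1X port settings (field names are hypothetical)."""
    auth_vid: Optional[int] = None         # Authorized-Client VLAN, if configured
    static_untagged: Optional[int] = None  # static untagged VLAN membership
    static_tagged: Set[int] = field(default_factory=set)

def resolve_untagged(cfg, radius_vid=None):
    """Return (vlan, source) for the untagged VLAN after authentication."""
    if radius_vid is not None:             # 1st priority: RADIUS assignment
        return radius_vid, "radius"
    if cfg.auth_vid is not None:           # 2nd priority: Authorized-Client VLAN
        return cfg.auth_vid, "authorized-client"
    if cfg.static_untagged is not None:    # 3rd priority: static untagged VLAN
        return cfg.static_untagged, "static"
    return None, "none"                    # case not covered by the text above

def session_membership(cfg, radius_vid=None):
    """Membership for one authenticated session, including the Note's case."""
    vlan, source = resolve_untagged(cfg, radius_vid)
    # A VLAN chosen by priority 1 or 2 is untagged for the session even if the
    # port is statically tagged in it; it reverts to tagged on disconnect.
    overridden = source in ("radius", "authorized-client") and vlan in cfg.static_tagged
    return {"untagged": vlan, "source": source,
            "tagged_resumed": cfg.static_tagged - {vlan},
            "reverts_to_tagged": overridden}

def port_based_untagged(cfg, radius_vids_in_auth_order):
    """Port-based mode: the most recently authenticated client decides the
    port's untagged VLAN, and clients that never authenticate share it."""
    if not radius_vids_in_auth_order:
        return None                        # nobody has authenticated yet
    return resolve_untagged(cfg, radius_vids_in_auth_order[-1])[0]

if __name__ == "__main__":
    # Constructed sample port: Authorized-Client VLAN 20, static untagged 1,
    # static tagged 20 and 30.
    port = PortConfig(auth_vid=20, static_untagged=1, static_tagged={20, 30})
    print(session_membership(port, radius_vid=50))
    print(session_membership(port))
    print(port_based_untagged(port, [50, None]))
```

In the last call the second client authenticates without a RADIUS VLAN assignment, so the port's untagged VLAN changes from 50 to the Authorized-Client VLAN for every device on that port.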
Use Models for 802.1X Open VLAN Modes
You can apply the 802.1X Open VLAN mode in more than one way. Depending
on your use, you will need to create one or two static VLANs on the switch for
exclusive use by per-port 802.1X Open VLAN mode authentication:
HP Networking E3800 Switches Access Security Guide, September 2011