Configuring Port-Based and User-Based Access Control (802.1X)
How RADIUS/802.1X Authentication Affects VLAN Operation
supplicant port to another without clearing the statistics data from the first
port, the authenticator’s MAC address will appear in the supplicant statistics
for both ports.
How RADIUS/802.1X Authentication
Affects VLAN Operation
Static VLAN Requirement.
RADIUS authentication for an 802.1X client on
a given port can include a (static) VLAN requirement. (Refer to the documen
tation provided with your RADIUS application.) The static VLAN to which a
RADIUS server assigns a client must already exist on the switch. If it does not
exist or is a dynamic VLAN (created by GVRP), authentication fails. Also, for
the session to proceed, the port must be an untagged member of the required
VLAN. If it is not, the switch temporarily reassigns the port as described below.
If the Port Used by the Client Is Not Configured as an Untagged
Member of the Required Static VLAN:
When a client is authenticated on
port “N”, if port “N” is not already configured as an untagged member of the
static VLAN specified by the RADIUS server, then the switch temporarily
assigns port “N” as an untagged member of the required VLAN (for the duration
of the 802.1X session).
At the same time, if port “N” is already configured as
an untagged member of another VLAN, port “N” loses access to that other
VLAN for the duration of the session.
(This is because a port can be an
untagged member of only one VLAN at a time.)
Using a RADIUS server to authenticate clients, you can provide port-level
security protection from unauthorized network access for the following
authentication methods:
■
802.1X: Port-based or client-based access control to open a port for client
access after authenticating valid user credentials.
■
MAC address: Authenticates a device’s MAC address to grant access to
the network.
■
Web-browser interface: Authenticates clients for network access using a
web page for user login.
12-67
Summary of Contents for PROCURVE 2910AL
Page 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Page 2: ......
Page 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Page 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Page 156: ...TACACS Authentication Operating Notes 4 30 ...
Page 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Page 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Page 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Page 592: ...12 Index ...
Page 593: ......