RADIUS Authentication, Authorization, and Accounting
MAC-Based VLANs
MAC-Based VLANs (MBVs), available on the 5400 and 8200 version 2 interface
modules, allow multiple clients on a single switch port to receive different
untagged VLAN assignments. VLAN assignment of untagged traffic is based
on the source MAC address rather than the port. Clients receive their untagged
VLAN assignment from the RADIUS server. This feature adheres to the requirement
that if all known IDM attributes for a given client cannot be applied, the
authentication request for that client must be rejected.
Both authenticated and unauthenticated clients can reside on the same port
on different VLANs, but only if the mixed-mode configuration is enabled. This
is not the default behavior. The normal operating behavior is to not allow
unauthenticated clients on the port when at least one authenticated client is
present on the port. If an unauthenticated client is present on the unauth VLAN
and another client successfully authenticates on that port, the unauthenticated
client is kicked off the port.
When an MBV cannot be applied due to a conflict with another client on that
port, a message indicating a VID arbitration error is logged.
When an MBV cannot be applied due to lack of resources, a message indicating
lack of resources is logged.
There is no command line support for this feature. The decision to use an MBV
is made automatically if the hardware is capable and if the situation
necessitates. If multiple clients authenticate on different untagged VLANs on
hardware that does not support MBVs, the switch will reject all clients authorized
on a VLAN different from the first client's VLAN, because the first authenticated
client sets the Port VID (PVID).
This feature has the side effect of allowing egress traffic from one client's
VLAN to be accepted by all untagged clients on that port. For example,
suppose that clients A and B are both located on the same switch port, but on
two different VLANs. If client A is subscribing to a multicast stream, then client
B also receives that multicast traffic.
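The admission rules and the egress side effect described above can be modeled to audit which clients sharing a port see each other's VLAN traffic. This is an added Python example, not HP code or switch firmware logic: the class and method names are hypothetical, VID arbitration conflicts and resource exhaustion are not modeled, and exposure is computed for authenticated clients only.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    mbv_capable: bool                          # hardware supports MAC-based VLANs
    mixed_mode: bool = False                   # not the default, per the text
    auth: dict = field(default_factory=dict)   # MAC -> untagged VLAN from RADIUS
    unauth: set = field(default_factory=set)   # MACs on the unauth VLAN

    def join_unauth(self, mac):
        # Default: no unauthenticated clients once an authenticated one is present.
        if self.auth and not self.mixed_mode:
            return False
        self.unauth.add(mac)
        return True

    def authenticate(self, mac, vlan):
        # Without MBV support the first authenticated client sets the PVID;
        # clients authorized on a different VLAN are rejected.
        if not self.mbv_capable and self.auth and vlan not in self.auth.values():
            return False
        self.unauth.discard(mac)
        self.auth[mac] = vlan
        if not self.mixed_mode:
            self.unauth.clear()                # remaining unauth clients are kicked off
        return True

    def egress_exposure(self):
        # Side effect: egress traffic of each untagged VLAN on the port is
        # accepted by every untagged client on that port.
        vlans = set(self.auth.values())
        exposure = {}
        for mac, own in self.auth.items():
            foreign = sorted(vlans - {own})
            if foreign:
                exposure[mac] = foreign        # VLANs this client can also receive
        return exposure

if __name__ == "__main__":
    port = Port(mbv_capable=True)              # constructed sample clients below
    port.authenticate("00:00:5e:00:53:0a", 10) # client A
    port.authenticate("00:00:5e:00:53:0b", 20) # client B
    print(port.egress_exposure())
```

A non-empty result from `egress_exposure()` marks ports where untagged VLANs should not be treated as an isolation boundary between the listed clients.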