HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 368
Switch with a Port Con d To, IP Addressing for a Client Connected
View all HP 6120G/XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 368 highlights
Configuring Port-Based and User-Based Access Control (802.1X) 802.1X Open VLAN Mode Condition Rule Effect of RADIUS-assigned VLAN The port joins the RADIUS-assigned VLAN as an untagged member. This rule assumes no other authenticated clients are already using the port on a different VLAN. IP Addressing for a Client Connected A client can either acquire an IP address from a DHCP server or use to a Port Configured for 802.x Open a manually configured IP address before connecting to the switch. VLAN Mode 802.1X Supplicant Software for a A friendly client, without 802.1X supplicant software, connecting to an Client Connected to a Port Configured authenticator port must be able to download this software from the for 802.1X Open VLAN Mode Unauthorized-Client VLAN before authentication can begin. Switch with a Port Configured To Allow Multiple Authorized-Client Sessions When a new client is authenticated on a given port: • If no other clients are authenticated on that port, then the port joins one VLAN in the following order of precedence: a. A RADIUS-assigned VLAN, if configured. b. An Authenticated-Client VLAN, if configured. c. A static, port-based VLAN to which the port belongs as an untagged member. d. Any VLAN(s) to which the port is configured as a tagged member (provided that the client can operate in that VLAN). • If another client is already authenticated on the port, then the port is already assigned to a VLAN for the previously-existing client session, and the new client must operate in this same VLAN, regardless of other factors. (This means that a client without 802.1X client authentication software cannot access a configured, Unauthenticated-Client VLAN if another, authenticated client is already using the port.) 10-38