HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 527
Example of Untagged VLAN Assignment in a RADIUS- Based Authentication Session
Configuring Port-Based and User-Based Access Control (802.1X)
How RADIUS/802.1X Authentication Affects VLAN Operation

If this temporary VLAN assignment causes the switch to disable a different untagged static or dynamic VLAN configured on the port (as described in the preceding bullet and in "Example of Untagged VLAN Assignment in a RADIUS-Based Authentication Session" on page 12-71), the disabled VLAN assignment is not advertised. When the authentication session ends, the switch:

• Removes the temporary untagged VLAN assignment and stops advertising it.
• Re-activates and resumes advertising the temporarily disabled, untagged VLAN assignment.

■ If you modify a VLAN ID configuration on a port during an 802.1X, MAC, or Web authentication session, the changes do not take effect until the session ends.

■ When a switch port is configured with RADIUS-based authentication to accept multiple 802.1X and/or MAC or Web authentication client sessions, all authenticated clients must use the same port-based, untagged VLAN membership assigned for the earliest, currently active client session. Therefore, on a port where one or more authenticated client sessions are already running, all such clients are on the same untagged VLAN. If a RADIUS server subsequently authenticates a new client, but attempts to re-assign the port to a different, untagged VLAN than the one already in use for the previously existing, authenticated client sessions, the connection for the new client will fail.

Example of Untagged VLAN Assignment in a RADIUS-Based Authentication Session

The following example shows how an untagged static VLAN is temporarily assigned to a port for use during an 802.1X authentication session. In the example, an 802.1X-aware client on port A2 has been authenticated by a RADIUS server for access to VLAN 22. However, port A2 is not configured as a member of VLAN 22 but as a member of untagged VLAN 33 as shown in Figure 12-20.
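
The rules above can be checked against a small model. The Python below is an added illustration, not code from the HP guide or the switch firmware; port A2 and VLANs 22 and 33 come from the example, while the client names, VLANs 44 and 55, and the assumption that the temporary VLAN stays in place until the last session on the port ends are constructed for the demonstration.

```python
class Port:
    """Model of one port's untagged VLAN during RADIUS-based sessions."""

    def __init__(self, name, static_untagged_vlan):
        self.name = name
        self.static_vlan = static_untagged_vlan  # configured untagged VLAN
        self.pending_static = None               # change made mid-session
        self.sessions = {}                       # client -> RADIUS-assigned VLAN

    def active_untagged_vlan(self):
        # While any session is active, the RADIUS-assigned VLAN temporarily
        # replaces (and disables) the configured untagged VLAN.
        if self.sessions:
            return next(iter(self.sessions.values()))
        return self.static_vlan

    def authenticate(self, client, radius_vlan):
        """Return True if the new client session is accepted on this port."""
        if self.sessions and radius_vlan != self.active_untagged_vlan():
            return False  # different untagged VLAN than the one in use: fails
        self.sessions[client] = radius_vlan
        return True

    def configure_untagged_vlan(self, vlan):
        # A VLAN ID change made during a session is deferred until it ends.
        if self.sessions:
            self.pending_static = vlan
        else:
            self.static_vlan = vlan

    def end_session(self, client):
        # Assumption: the configured VLAN is restored when the last session ends.
        self.sessions.pop(client, None)
        if not self.sessions and self.pending_static is not None:
            self.static_vlan, self.pending_static = self.pending_static, None


def demo():
    """Walk port A2 through the scenario; client names are constructed."""
    port = Port("A2", static_untagged_vlan=33)
    log = [port.active_untagged_vlan()]            # configured VLAN
    log.append(port.authenticate("client-1", 22))  # RADIUS assigns VLAN 22
    log.append(port.active_untagged_vlan())
    log.append(port.authenticate("client-2", 22))  # same VLAN: accepted
    log.append(port.authenticate("client-3", 44))  # different VLAN: rejected
    port.end_session("client-1")
    log.append(port.active_untagged_vlan())        # client-2 still active
    port.end_session("client-2")
    log.append(port.active_untagged_vlan())        # configured VLAN is back
    return log
```

When auditing a RADIUS policy for multi-client ports, the rejected third client is the case to look for: users who can share a port need the same untagged VLAN attribute, or the later arrival loses connectivity.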