HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 363
Notes, unauth-period, 1X Per-Port Configuration, Port Response, Authorized-Client VLAN
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 363 highlights
Configuring Port-Based and User-Based Access Control (802.1X) 802.1X Open VLAN Mode 802.1X Per-Port Configuration Authorized-Client VLAN Port Response • After client authentication, the port drops membership in the Unauthorized-Client VLAN and becomes an untagged member of this VLAN. Notes: If the client is running an 802.1X supplicant application when the authentication session begins, and is able to authenticate itself before the switch assigns the port to the Unauthorized-Client VLAN, then the port does not become a member of the Unauthorized-Client VLAN. On the switches covered in this guide, you can use the unauth-period command- page 10-23-to delay moving the port into the Unauthorized-Client VLAN. If RADIUS authentication assigns a VLAN and there are no other authenticated clients on the port, then the port becomes a member of the RADIUS-assigned VLAN -instead of the Authorized-Client VLAN-while the client is connected. • If the port is statically configured as a tagged member of a VLAN, and this VLAN is used as the Authorized-Client VLAN, then the port temporarily becomes an untagged member of this VLAN when the client becomes authenticated. • If the port is statically configured as a tagged member of a VLAN, the port returns to tagged membership in this VLAN upon successful authentication. This happens even if the RADIUS server assigns the port to another, authorized VLAN. If the port is already configured as a tagged member of a VLAN that RADIUS assigns as an authorized VLAN, then the port becomes an untagged member of that VLAN for the duration of the client connection. 10-33