Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

2.The RADIUS server then responds with an MD5 access challenge that switch “B” forwards to port 1 on switch “A”.

3.Port 1 replies with an MD5 hash response based on its username and password or other unique credentials. Switch “B” forwards this response to the RADIUS server.

4.The RADIUS server then analyzes the response and sends either a “success” or “failure” packet back through switch “B” to port 1.

A “success” response unblocks port 5 to normal traffic from port 1.

A “failure” response continues the block on port 5 and causes port 1 to wait for the “held- time” period before trying again to achieve authentication through port 5.

Note

You can configure a switch port to operate as both a supplicant and an authenticator at the same time.

Terminology

802.1X-Aware:Refers to a device that is running either 802.1X authenticator software or 802.1X client software and is capable of interacting with other devices on the basis of the IEEE 802.1X standard.

Authorized-Client VLAN: Like the Unauthorized-Client VLAN, this is a conventional, static VLAN previously configured on the switch by the System Administrator. The intent in using this VLAN is to provide authenticated clients with network services that are not available on either the port’s statically configured VLAN memberships or any VLAN memberships that may be assigned during the RADIUS authentication process. While an 802.1X port is a member of this VLAN, the port is untagged. When the client connection terminates, the port drops its membership in this VLAN.

Authentication Server: The entity providing an authentication service to the switch when the switch is configured to operate as an authenticator. In the case of a Series 2500 switch running 802.1X, this is a RADIUS server (unless local authentication is used, in which case the switch performs this function using its own username and password for authenticating a supplicant).

Authenticator: In ProCurve switch applications, a device such as a Series 2500 switch that requires a supplicant to provide the proper credentials (username and password) before being allowed access to the network.

CHAP (MD5): Challenge Handshake Authentication Protocol.

Client: In this application, an end-node device such as a management station, workstation, or mobile PC linked to the switch through a point-to-point LAN link.

33