Enhancements
Release M.10.33 Enhancements
■The port is temporarily assigned as a member of an untagged (static or dynamic) VLAN for use during the client session according to the following order of options.
a.The port joins the VLAN to which it has been assigned by a RADIUS server during client authentication.
b.If RADIUS authentication does not include assigning the port to a VLAN, then the switch assigns the port to the
c.If the port does not have an
Operating Notes
■During client authentication, a port assigned to a VLAN by a RADIUS server or an authorized- client VLAN configuration is an untagged member of the VLAN for the duration of the authenti- cated session. This applies even if the port is also configured in the switch as a tagged member of the same VLAN. The following restrictions apply:
■
■
•If the port is assigned as a member of an untagged static VLAN, the VLAN must already be configured on the switch. If the static VLAN configuration does not exist, the authentication fails.
•If the port is assigned as a member of an untagged dynamic VLAN that was learned through GVRP, the dynamic VLAN configuration must exist on the switch at the time of authentication and
If the dynamic VLAN does not exist or if you have not enabled the use of a dynamic VLAN for authentication sessions on the switch, the authentication fails.
To enable the use of a
Enabling the use of dynamic VLANs in an authentication session offers the following benefits:
•You avoid the need of having static VLANs
•You can centralize the administration of user accounts (including user VLAN IDs) on a RADIUS server.
For information on how to enable the switch to dynamically create
■For an authentication session to proceed, a ProCurve port must be an untagged member of the (static or dynamic) VLAN assigned by the RADIUS server (or an
If the port is not already a member of the
103