Manuals / Brands / Computer Equipment / Switch / HP / Computer Equipment / Switch

HP ProCurve 3400CL-24G Example of Untagged VLAN Assignment in a RADIUS-BasedAuthentication Session

1 197

Download 197 pages, 1.6 Mb

Enhancements

Release M.10.33 Enhancements

When the authentication session ends, the switch removes the temporary untagged VLAN assignment and re-activates the temporarily disabled, untagged VLAN assignment.

■If GVRP is already enabled on the switch, the temporary untagged (static or dynamic) VLAN created on the port for the authentication session is advertised as an existing VLAN.

If this temporary VLAN assignment causes the switch to disable a different untagged static or dynamic VLAN configured on the port, the disabled VLAN assignment is not advertised. When the authentication session ends, the switch:

•Removes the temporary untagged VLAN assignment and stops advertising it.

•Re-activates and resumes advertising the temporarily disabled, untagged VLAN assignment.

■If you modify a VLAN ID configuration on a port during an 802.1X, MAC, or Web authentication session, the changes do not take effect until the session ends.

■When a switch port is configured with RADIUS-based authentication to accept multiple 802.1X and/or MAC or Web authentication client sessions, all authenticated clients must use the same port-based, untagged VLAN membership assigned for the earliest, currently active client session.

Therefore, on a port where one or more authenticated client sessions are already running, all such clients are on the same untagged VLAN. If a RADIUS server subsequently authenticates a new client, but attempts to re-assign the port to a different, untagged VLAN than the one already in use for the previously existing, authenticated client sessions, the connection for the new client will fail.

Example of Untagged VLAN Assignment in a RADIUS-Based Authentication Session

The following example shows how an untagged static VLAN is temporarily assigned to a port for use during an 802.1X authentication session. In the example, an 802.1X-aware client on port A2 has been authenticated by a RADIUS server for access to VLAN 22. However, port A2 is not configured as a member of VLAN 22 but as a member of untagged VLAN 33 as shown in Figure Figure 8.

104

Contents

Release Notes: Version M.10.72 Software Release Notes: Page Contents Page Page Page Page Page Page Page Software Management Software Updates Download Switch Documentation and Software from the Web Downloading Software to the Switch TFTP Download from a Server Xmodem Download From a PC or Unix Workstation Page Saving Configurations While Using the CLI Install Recommendations for I.08.12 Boot ROM Update ProCurve Switch, Routing Switch, and Router Software Keys Page Minimum Software Versions for Series 3400cl Switch Features OS/Web/Java Compatibility Table Enforcing Switch Security Switch Management Access Security Local Manager Password Inbound Telnet Access and Web Browser Access Secure File Transfers SNMP Access (Simple Network Management Protocol) Physical Access to the Switch Other Provisions for Management Access Security Network Access Security Secure Shell (SSH) Secure Socket Layer (SSLv3/TLSv1) Traffic/Security Filters 802.1X Access Control Port Security, MAC Lockdown, MAC Lockout, and IP Lockdown Key Management System (KMS) Connection-RateFiltering Based On Virus-ThrottlingTechnology Identity-DrivenManagement (IDM) Clarifications and Updates Operating Notes for Jumbo Traffic-Handling Non-Genuine Mini-GBICDetection and Protection Initiative Publication Updates IGMP Command Update General Switch Traffic Security Guideline The Management VLAN IP Address Interoperating with 802.1s Multiple Spanning-Tree Rate-Limiting Known Issues Enhancements Release M.08.69 Enhancements Release M.08.70 through M.08.72 Enhancements Release M.08.73 Enhancements Release M.08.74 through M.08.77 Enhancements Release M.08.78 Enhancements Release M.08.79 Enhancements Release M.08.80 through M.08.83 Enhancements Release M.08.84 Enhancements Release M.08.85 through M.08.88 Enhancements Release M.08.89 Enhancements Page Page Page Page Page Page Using SNMP To View and Configure Switch Authentication Features Page Page Releases M.08.90 and M.08.91 Enhancements QoS Pass-ThroughMode Page Page Release M.08.94 Enhancements Page UDP Broadcast Forwarding Releases M.08.95 through M.10.01 Enhancements Release M.08.96 Enhancements Releases M.08.97 through M.10.01 Enhancements Release M.10.02 Enhancements RADIUS-AssignedAccess Control Lists (ACLs) Page Page Terminology General Operation The Packet-filteringProcess Page Page Page General Steps Determining Traffic Policies Planning the ACLs Needed To Enforce Traffic Policies Operating Rules for RADIUS-BasedACLs Limits for RADIUS-BasedACLs, Associated ACEs, and Counters Configuring an ACL in a RADIUS Server Page Page Page Configuring the Switch To Support RADIUS-BasedACLs Page Displaying the Current RADIUS-BasedACL Activity on the Switch Page Event Log Messages Causes of Client Deauthentication Immediately After Authenticating SFlow Show Commands Page Release M.10.04 Enhancements Page Page Page Page TCP/UDP Port Closure Page Spanning Tree Show Commands Page Release M.10.05 Enhancements Release M.10.06 Enhancements Release M.10.07 Enhancements Release M.10.08 Enhancements Release M.10.09 Enhancements Page Configuration Considerations Configuring UDLD Page Viewing UDLD Information Page Page Configuration Warnings and Event Log Messages Release M.10.10 Enhancements Spanning Tree Per-PortBPDU Filtering Viewing Status of BPDU Filtering Viewing Configuration of BPDU Filtering Releases M.10.11 through M.10.12 Enhancements Release M.10.13 Enhancements Releases M.10.14 through M.10.16 Enhancements Release M.10.17 Enhancements Terminology Configuring STP BPDU Protection Viewing BPDU Protection Status Release M.10.21 Enhancements Release M.10.22 Enhancements Page Release M.10.23 Enhancements Release M.10.24 Enhancements Release M.10.25 Enhancements Release M.10.26 Enhancements Release M.10.27 Enhancements Page Release M.10.28 Enhancements Release M.10.29 Enhancements Release M.10.30 Enhancements Release M.10.31 Enhancements Release M.10.32 Enhancements Release M.10.33 Enhancements Page Example of Untagged VLAN Assignment in a RADIUS-BasedAuthentication Session Page Page Enabling the Use of GVRP-LearnedDynamic VLANs in Authentication Sessions Release M.10.34 Enhancements Release M.10.35 Enhancements Page Page Page Page Page Release M.10.36 Enhancements Release M.10.37 Enhancements Configuring MSTP Port Connectivity Parameters Page Release M.10.38 Enhancements Send SNMP v2c Informs Release M.10.39 Enhancements RADIUS Server Unavailable Page Page ARP Age Timer Increase Page Release M.10.40 Enhancements Release M.10.41 Enhancements Release M.10.42 Enhancements Release M.10.43 Enhancements Page Page Page Page Potential Issues with Bindings Adding a Static Binding Page Page Release M.10.44 through M.10.64 Enhancements Release M.10.65 Enhancements Page Page Page Release M.10.66 Enhancements Page Page Release M.10.67 Enhancements Release M.10.68 Enhancements Release M.10.69 Enhancements Release M.10.70 Enhancements Release M.10.71 Enhancements Release M.10.72 Enhancements Software Fixes in Release M.08.51 - M.10.72 Release M.08.52 Release M.08.53 (Never Released) Release M.08.54 Release M.08.55 - Release M.08.60 Page Release M.08.62 Release M.08.63 Release M.08.64 Release M.08.65 Release M.08.66 Release M.08.67 Release M.08.68 Release M.08.69 Release M.08.70 Release M.08.71 Release M.08.72 Release M.08.73 Release M.08.74 Release M.08.75 Release M.08.76 Release M.08.77 Release M.08.78 Release M.08.79 Release M.08.80 Release M.08.81 Release M.08.82 Release M.08.83 Release M.08.84 Release M.08.85 Release M.08.86 Release M.08.87 Release M.08.88 Release M.08.89 Release M.08.90 Release M.08.91 Release M.08.92 Release M.08.93 Release M.08.94 Release M.08.95 Release M.08.96 Release M.08.97 Release M.10.01 Release M.10.02 Release M.10.03 Release M.10.04 Release M.10.05 Release M.10.06 Release M.10.07 Release M.10.08 Release M.10.09 Release M.10.10 Release M.10.11 Release M.10.12 Release M.10.13 Release M.10.14 Release M.10.15 Release M.10.16 Release M.10.17 Release M.10.18 - Release M.10.19 Release M.10.20 Release M.10.21 Release M.10.22 Release M.10.23 Release M.10.24 Release M.10.25 Release M.10.26 Release M.10.27 Release M.10.28 Release M.10.29 Release M.10.30 Release M.10.31 Release M.10.32 Release M.10.33 Release M.10.34 Release M.10.35 Release M.10.36 Release M.10.37 Release M.10.38 Release M.10.39 Release M.10.40 Release M.10.41 Release M.10.42 Release M.10.43 Release M.10.44 Release M.10.45 Release M.10.46 Release M.10.47 Release M.10.48 Release M.10.49 Release M.10.50 through M.10.64 Release M.10.65 Release M.10.66 Release M.10.67 Release M.10.68 Release M.10.69 Release M.10.70 Page Release M.10.71 Release M.10.72