N o t e

Configuring Port-Based Access Control (802.1x)

Terminology

A "failure" response continues the block on port B5 and causes port A1 to wait for the "held-time" period before trying again to achieve authentication through port B5.

You can configure a switch port to operate as both a supplicant and an authenticator at the same time.

Terminology

802.1x-Aware:Refers to a device that is running either 802.1x authenticator software or 802.1x client software and is capable of interacting with other devices on the basis of the IEEE 802.1x standard.

Authorized-Client VLAN: Like the Unauthorized-Client VLAN, this is a conventional, static VLAN previously configured on the switch by the System Administrator. The intent in using this VLAN is to provide authen- ticated clients with network services that are not available on either the port’s statically configured VLAN memberships or any VLAN member- ships that may be assigned during the RADIUS authentication process. While an 802.1x port is a member of this VLAN, the port is untagged. When the client connection terminates, the port drops its membership in this VLAN.

Authentication Server: The entity providing an authentication service to the switch when the switch is configured to operate as an authenticator. In the case of a Series 4100GL switch running 802.1x, this is a RADIUS server (unless local authentication is used, in which case the switch performs this function using its own username and password for authen- ticating a supplicant).

Authenticator: In HP Procurve switch applications, a device such as a Series 4100GL switch that requires a supplicant to provide the proper credentials (username and password) before being allowed access to the network.

CHAP (MD5): Challenge Handshake Authentication Protocol.

Client: In this application, an end-node device such as a management station, workstation, or mobile PC linked to the switch through a point-to-point LAN link.

6-7

Page 141
Image 141
HP 4100gl manual Terminology