Configuring
Displaying 802.1X Configuration, Statistics, and Counters
■When the Unauth VLAN ID is configured and matches the Current VLAN ID in the above command output, an unauthenticated client is connected to the port. (This assumes the port is not a statically configured member of the VLAN you are using for Unauth VLAN.)
Note that because a temporary Open VLAN port assignment to either an authorized or unauthorized VLAN is an untagged VLAN membership, these assignments temporarily replace any other untagged VLAN membership that is statically configured on the port. For example, if port A12 is statically configured as an untagged member of VLAN 1, but is configured to use VLAN 25 as an authorized VLAN, then the port’s membership in VLAN 1 will be temporarily suspended whenever an authenticated 802.1X client is attached to the port.
TableStatus Indicator | Meaning |
Port | Lists the ports configured as 802.1X |
|
|
Status | Closed: Either no client is connected or the connected client has not received authorization through |
| 802.1X authentication. |
| Open: An authorized 802.1X supplicant is connected to the port. |
Access Control
This state is controlled by the following
ProCurve(config)# aaa
| Auto: Configures the port to allow network access to any connected device that supports 802.1X |
| authentication and provides valid 802.1X credentials. (This is the default authenticator setting.) |
| FA: Configures the port for “Force Authorized”, which allows access to any device connected to |
| the port, regardless of whether it meets 802.1X criteria. (You can still configure console, Telnet, or |
| SSH security on the port.) |
| FU: Configures the port for “Force Unauthorized”, which blocks access to any device connected |
| to the port, regardless of whether the device meets 802.1X criteria. |
|
|
Authenticator State | Connecting: A client is connected to the port, but has not received 802.1X authentication. |
| Force Unauth: Indicates the “Force Unauthorized” state. Blocks access to the network, regardless |
| of whether the client supports 802.1X authentication or provides 802.1X credentials. |
| Force Auth: Indicates the “Force Authorized” state. Grants access to any device connected to the |
| port. The device does not have to support 802.1X authentication or provide 802.1X credentials. |
| Authorized: The device connected to the port supports 802.1X authentication, has provided 802.1X |
| credentials, and has received access to the network. This is the default state for access control. |
| Disconnected: No client is connected to the port. |
|
|
Authenticator | Idle: The switch is not currently interacting with the RADIUS authentication server. Other states |
Backend State | (Request, Response, Success, Fail, Timeout, and Initialize) may appear temporarily to indicate |
| interaction with a RADIUS server. However, these interactions occur quickly and are replaced by |
| Idle when completed. |