HP (Hewlett-Packard) 2300 Switch User Manual


 
44
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
802.1X Open VLAN Mode
This section describes how to use the 802.1X Open VLAN mode to configure unauthorized-client and
authorized-client VLANs on ports configured as 802.1X authenticators.
Introduction
Configuring the 802.1X Open VLAN mode on a port changes how the port responds when it detects
a new client. In earlier releases, a “friendly” client computer not running 802.1X supplicant software
could not be authenticated on a port protected by 802.1X access security. As a result, the port would
become blocked and the client could not access the network. This prevented the client from:
Acquiring IP addressing from a DHCP server
Downloading the 802.1X supplicant software necessary for an authentication session
The 802.1X Open VLAN mode solves this problem by temporarily suspending the port’s static,
untagged VLAN membership and placing the port in a designated Unauthorized-Client VLAN. In this
state the client can proceed with initialization services, such as acquiring IP addressing and 802.1X
software, and starting the authentication process. Following authentication, the port drops its
temporary (untagged) membership in the Unauthorized-Client VLAN and joins (or rejoins) one of the
following as an untagged member:
1st Priority: The port joins a VLAN to which it has been assigned by a RADIUS server during
authentication.
2nd Priority: If RADIUS authentication does not include assigning a VLAN to the port, then
the switch assigns the port to the VLAN entered in the port’s 802.1X configuration as an
Authorized-Client VLAN, if configured.
802.1X Authentication Commands page 38
802.1X Supplicant Commands page 58
802.1X Open VLAN Mode Commands
[no] aaa port-access authenticator [e] < port-list > page 53
[auth-vid < vlan-id >]
[unauth-vid < vlan-id >]
802.1X-Related Show Commands page 61
RADIUS server configuration pages 43