33
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
2. The RADIUS server then responds with an MD5 access challenge that switch “B” forwards to
port 1 on switch “A”.
3. Port 1 replies with an MD5 hash response based on its username and password or other unique
credentials. Switch “B” forwards this response to the RADIUS server.
4. The RADIUS server then analyzes the response and sends either a “success” or “failure” packet
back through switch “B” to port 1.
• A “success” response unblocks port 5 to normal traffic from port 1.
• A “failure” response continues the block on port 5 and causes port 1 to wait for the “held-
time” period before trying again to achieve authentication through port 5.
Note
You can configure a switch port to operate as both a supplicant and an authenticator at the same time.
Terminology
802.1X-Aware: Refers to a device that is running either 802.1X authenticator software or 802.1X
client software and is capable of interacting with other devices on the basis of the IEEE 802.1X
standard.
Authorized-Client VLAN: Like the Unauthorized-Client VLAN, this is a conventional, static VLAN
previously configured on the switch by the System Administrator. The intent in using this VLAN
is to provide authenticated clients with network services that are not available on either the port’s
statically configured VLAN memberships or any VLAN memberships that may be assigned during
the RADIUS authentication process. While an 802.1X port is a member of this VLAN, the port is
untagged. When the client connection terminates, the port drops its membership in this VLAN.
Authentication Server: The entity providing an authentication service to the switch when the
switch is configured to operate as an authenticator. In the case of a Series 2500 switch running
802.1X, this is a RADIUS server (unless local authentication is used, in which case the switch
performs this function using its own username and password for authenticating a supplicant).
Authenticator: In ProCurve switch applications, a device such as a Series 2500 switch that requires
a supplicant to provide the proper credentials (username and password) before being allowed
access to the network.
CHAP (MD5): Challenge Handshake Authentication Protocol.
Client: In this application, an end-node device such as a management station, workstation, or mobile
PC linked to the switch through a point-to-point LAN link.