HP (Hewlett-Packard) 2600 Switch User Manual


 
Configuring Port-Based Access Control (802.1X)
Terminology
A “failure” response continues the block on port B5 and causes port
A1 to wait for the “held-time” period before trying again to achieve
authentication through port B5.
Note You can configure a switch port to operate as both a supplicant and an
authenticator at the same time.
Terminology
802.1X-Aware: Refers to a device that is running either 802.1X authenticator
software or 802.1X client software and is capable of interacting with other
devices on the basis of the IEEE 802.1X standard.
Authorized-Client VLAN: Like the Unauthorized-Client VLAN, this is a
conventional, static VLAN previously configured on the switch by the
System Administrator. The intent in using this VLAN is to provide authen-
ticated clients with network services that are not available on either the
port’s statically configured VLAN memberships or any VLAN member-
ships that may be assigned during the RADIUS authentication process.
While an 802.1X port is a member of this VLAN, the port is untagged. When
the client connection terminates, the port drops its membership in this
VLAN.
Authentication Server: The entity providing an authentication service to
the switch when the switch is configured to operate as an authenticator.
In the case of an HP ProCurve switch running 802.1X, this is a RADIUS
server (unless local authentication is used, in which case the switch
performs this function using its own username and password for authen-
ticating a supplicant).
Authenticator: In HP ProCurve switch applications, a device such as a
switch that requires a supplicant to provide the proper credentials (user-
name and password) before being allowed access to the network.
CHAP (MD5): Challenge Handshake Authentication Protocol.
Client: In this application, an end-node device such as a management station,
workstation, or mobile PC linked to the switch through a point-to-point
LAN link.
8-8