8-41
Configuring Port-Based Access Control (802.1X)
Displaying 802.1X Configuration, Statistics, and Counters
■ When the Unauth VLAN ID is configured and matches the Current VLAN
ID in the above command output, an unauthenticated client is
connected to the port. (This assumes the port is not a statically
configured member of the VLAN you are using for Unauth VLAN.)
Note that because a temporary Open VLAN port assignment to either an
authorized or unauthorized VLAN is an untagged VLAN membership, these
assignments temporarily replace any other untagged VLAN membership that
is statically configured on the port. For example, if port A12 is statically
configured as an untagged member of VLAN 1, but is configured to use VLAN
25 as an authorized VLAN, then the port’s membership in VLAN 1 will be
temporarily suspended whenever an authenticated 802.1X client is attached
to the port.
Table 8-2. Open VLAN Mode Status
Status Indicator Meaning
Port Lists the ports configured as 802.1X port-access authenticators.
Status Closed: Either no client is connected or the connected client has not received authorization through
802.1X authentication.
Open: An authorized 802.1X supplicant is connected to the port.
Access Control
This state is controlled by the following port-access command syntax:
ProCurve(config)# aaa port-access authenticator < port-list > control < authorized | auto | unauthorized >
Auto: Configures the port to allow network access to any connected device that supports 802.1X
authentication and provides valid 802.1X credentials. (This is the default authenticator setting.)
FA: Configures the port for “Force Authorized”, which allows access to any device connected to
the port, regardless of whether it meets 802.1X criteria. (You can still configure console, Telnet, or
SSH security on the port.)
FU: Configures the port for “Force Unauthorized”, which blocks access to any device connected
to the port, regardless of whether the device meets 802.1X criteria.
Authenticator State Connecting: A client is connected to the port, but has not received 802.1X authentication.
Force Unauth: Indicates the “Force Unauthorized” state. Blocks access to the network, regardless
of whether the client supports 802.1X authentication or provides 802.1X credentials.
Force Auth: Indicates the “Force Authorized” state. Grants access to any device connected to the
port. The device does not have to support 802.1X authentication or provide 802.1X credentials.
Authorized: The device connected to the port supports 802.1X authentication, has provided 802.1X
credentials, and has received access to the network. This is the default state for access control.
Disconnected: No client is connected to the port.
Authenticator
Backend State
Idle: The switch is not currently interacting with the RADIUS authentication server. Other states
(Request, Response, Success, Fail, Timeout, and Initialize) may appear temporarily to indicate
interaction with a RADIUS server. However, these interactions occur quickly and are replaced by
Idle when completed.