3-9
Web and MAC Authentication for the Series 2600/2600-PWR and 2800 Switches
Terminology
Terminology
Authorized-Client VLAN: Like the Unauthorized-Client VLAN, this is a
conventional, static, untagged, port-based VLAN previously configured on
the switch by the System Administrator. The intent in using this VLAN is
to provide authenticated clients with network access and services. When
the client connection terminates, the port drops its membership in this
VLAN.
Authentication Server: The entity providing an authentication service to
the switch, for example, a RADIUS server.
Authenticator: In ProCurve switch applications, a device that requires a
client or device to provide the proper credentials (MAC address, or
username and password) before being allowed access to the network.
CHAP: Challenge Handshake Authentication Protocol. Also known as
“CHAP-RADIUS”.
Client: In this application, an end-node device such as a management station,
workstation, or mobile PC linked to the switch through a point-to-point
LAN link.
Redirect URL: A System Administrator-specified web page presented to an
authorized client following Web Authentication. ProCurve recommends
specifying this URL when configuring Web Authentication on a switch.
Refer to aaa port-access web-based [e] < port-list > [redirect-url < url >] on
page 3-21.
Static VLAN: A VLAN that has been configured as “permanent” on the switch
by using the CLI vlan < vid > command or the Menu interface.
Unauthorized-Client VLAN: A conventional, static, untagged, port-based
VLAN previously configured on the switch by the System Administrator.
It is used to provide limited network access and services to clients who
are not authenticated.