HP (Hewlett-Packard) 2800 Series Switch User Manual


 
8-47
Configuring Port-Based Access Control (802.1X)
How RADIUS/802.1X Authentication Affects VLAN Operation
When the 802.1X client’s session on port A2 ends, the port discards the
temporary untagged VLAN membership. At this time the static VLAN
actually configured as untagged on the port again becomes available.
Thus, when the RADIUS-authenticated 802.1X session on port A2 ends,
VLAN 22 access on port A2 also ends, and the untagged VLAN 33 access
on port A2 is restored.
Figure 8-10. The Active Configuration for VLAN 33 Restores Port A2 After the 802.1X Session Ends
Notes Any port VLAN-ID changes you make on 802.1X-aware ports during an 802.1X-
authenticated session do not take effect until the session ends.
With GVRP enabled, a temporary, untagged static VLAN assignment created
on a port by 802.1X authentication is advertised as an existing VLAN. If this
temporary VLAN assignment causes the switch to disable a configured
(untagged) static VLAN assignment on the port, then the disabled VLAN
assignment is not advertised. When the 802.1X session ends, the switch:
Eliminates and ceases to advertise the temporary VLAN assignment.
Re-activates and resumes advertising the temporarily disabled VLAN
assignment.
After the 802.1X session
on VLAN 22 ends, the
active configuration
again includes VLAN 33
on port A2.