HP ProCurve 6400cl Series Access Security Manual page 281
Hide thumbs
Also See for ProCurve 6400cl Series:
- Management and configuration manual (508 pages) ,
- Installation and getting started manual (84 pages) ,
- Management manual (664 pages)
Table of Contents
Advertisement
Supplicant: The entity that must provide the proper credentials to the switch
before receiving access to the network. This is usually an end-user work
station, but it can be a switch, router, or another device seeking network
services.
Tagged Membership in a VLAN: This type of VLAN membership allows a
port to be a member of multiple VLANs simultaneously. If a client
connected to the port has an operating system that supports 802.1Q VLAN
tagging, then the client can access VLANs for which the port is a tagged
member. If the client does not support VLAN tagging, then it can access
only a VLAN for which the port is an untagged member. (A port can be an
untagged member of only one port-based VLAN at a time.) Where a port
is a tagged member of a VLAN, 802.1X Open VLAN mode does not affect
the port's access to the VLAN unless the port is statically configured as a
member of a VLAN that is also configured as the Unauthorized-Client or
Authorized-Client VLAN. See also "Untagged Membership in a VLAN".
Unauthorized-Client VLAN: A conventional, static VLAN previously config
ured on the switch. It is used to provide access to a client prior to
authentication. It should be set up to allow an unauthenticated client to
access only the initialization services necessary to establish an authenti
cated connection, plus any other desirable services whose use by an
unauthenticated client poses no security threat to your network. (Note
that an unauthenticated client has access to all network resources that
have membership in the VLAN you designate as the Unauthorized-Client
VLAN.) A port configured to use a given Unauthorized-Client VLAN does
not have to be statically configured as a member of that VLAN as long as
at least one other port on the switch is statically configured as a tagged
or untagged member of the same Unauthorized-Client VLAN. An unautho-
rized-client VLAN is available on a port only if there is no authenticated
client already using the port.
Untagged Membership in a VLAN: A port can be an untagged member of
only one VLAN. (In the factory-default configuration, all ports on the
switch are untagged members of the default VLAN.) An untagged VLAN
membership is required for a client that does not support 802.1q VLAN
tagging. A port can simultaneously have one untagged VLAN membership
and multiple tagged VLAN memberships. Depending on how you
configure 802.1X Open VLAN mode for a port, a statically configured,
untagged VLAN membership may become unavailable while there is a
client session on the port. See also "Tagged Membership in a VLAN".
Configuring Port-Based and Client-Based Access Control (802.1X)
Terminology
10-7
Advertisement
Table of Contents
