HP procurve 2500 Manuale Utente
29
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
Enhancements in Release F.05.05 through F.05.60
Troubleshooting Port-Isolation Operation
Configuring Port-Based Access Control (802.1X)
Overview
Why Use Port-Based Access Control?
Local Area Networks are often deployed in a way that allows unauthorized clients to attach to
network devices, or allows unauthorized users to get access to unattended clients on a network. Also,
the use of DHCP services and zero configuration make access to networking services easily available.
This exposes the network to unauthorized use and malicious attacks. While access to the network
should be made easy, uncontrolled and unauthorized access is usually not desirable. 802.1X provides
access control along with the ability to control user profiles from a central RADIUS server while
allowing users access from multiple points within the network.
network devices, or allows unauthorized users to get access to unattended clients on a network. Also,
the use of DHCP services and zero configuration make access to networking services easily available.
This exposes the network to unauthorized use and malicious attacks. While access to the network
should be made easy, uncontrolled and unauthorized access is usually not desirable. 802.1X provides
access control along with the ability to control user profiles from a central RADIUS server while
allowing users access from multiple points within the network.
Symptom
Possible Cause
Connectivity
problems.
problems.
• A port may be configured as a tagged member of a VLAN, or multiple VLANs may be configured
on the switch. Ensure that all ports are untagged members of VLAN 1 (the default VLAN) and that
no other VLANs are configured on the switch.
no other VLANs are configured on the switch.
• Illegal port trunking. Port Isolation does not allow trunks on Private ports, or more than one Port-
Isolation type in a trunk. Also, Port Isolation allows an LACP trunk only on Uplink ports.
• A port on a device connected to the switch may be configured as a tagged member of a VLAN.
• GVRP may be enabled on the switch.
See “Operating Rules for Port Isolation” on page 23 and “Steps for Configuring Port Isolation” on
page 24.
• GVRP may be enabled on the switch.
See “Operating Rules for Port Isolation” on page 23 and “Steps for Configuring Port Isolation” on
page 24.
Feature
Default
Menu
CLI
Web
Configuring Switch Ports as 802.1X Authenticators
Disabled
n/a
n/a
Configuring 802.1X Open VLAN Mode
Disabled
n/a
n/a
Configuring Switch Ports to Operate as 802.1X Supplicants
Disabled
n/a
n/a
Displaying 802.1X Configuration, Statistics, and Counters
n/a
n/a
n/a
How 802.1X Affects VLAN Operation
n/a
n/a
n/a
RADIUS Authentication and Accounting