HP procurve 2500 Manuale Utente

    44

Enhancements in Release F.05.05 through F.05.60

802.1X Open VLAN Mode

This section describes how to use the 802.1X Open VLAN mode to configure unauthorized-client and 
authorized-client VLANs on ports configured as 802.1X authenticators. 

Introduction

Configuring the 802.1X Open VLAN mode on a port changes how the port responds when it detects 
a new client. In earlier releases, a “friendly” client computer not running 802.1X supplicant software 
could not be authenticated on a port protected by 802.1X access security. As a result, the port would 
become blocked and the client could not access the network. This prevented the client from:

■

Acquiring IP addressing from a DHCP server

■

Downloading the 802.1X supplicant software necessary for an authentication session

The 802.1X Open VLAN mode solves this problem by temporarily suspending the port’s static, 
untagged VLAN membership and placing the port in a designated Unauthorized-Client VLAN. In this 
state the client can proceed with initialization services, such as acquiring IP addressing and 802.1X 
software, and starting the authentication process. Following authentication, the port drops its 
temporary (untagged) membership in the Unauthorized-Client VLAN and joins (or rejoins) one of the 
following as an untagged member:

■

The port joins a VLAN to which it has been assigned by a RADIUS server during 

authentication.

■

 If RADIUS authentication does not include assigning a VLAN to the port, then 

the switch assigns the port to the VLAN entered in the port’s 802.1X configuration as an 
Authorized-Client

 VLAN, if configured.

[no] aaa port-access authenticator [e] < port-list > 

           [auth-vid < vlan-id >]

           [unauth-vid < vlan-id >]