HP procurve 2500 Manuale Utente
45
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
Enhancements in Release F.05.05 through F.05.60
■
3rd Priority:
If the port does not have an Authorized-Client VLAN configured, but does have
a static, untagged VLAN membership in its configuration, then the switch assigns the port to
this VLAN.
this VLAN.
If the port is not configured for any of the above, then it must be a tagged member of at least one
VLAN. In this case, if the client is capable of operating in a tagged VLAN, then it can access that VLAN.
Otherwise, the connection will fail.
VLAN. In this case, if the client is capable of operating in a tagged VLAN, then it can access that VLAN.
Otherwise, the connection will fail.
C a u t i o n
If a port is a tagged member of a statically configured VLAN, 802.1X Open VLAN mode does not
prevent unauthenticated client access to such VLANs if the client is capable of operating in a tagged
VLAN environment. To avoid possible security breaches, HP recommends that you not allow a tagged
VLAN membership on a port configured for 802.1X Open VLAN mode unless you use the tagged VLAN
as the Unauthorized-Client VLAN.
prevent unauthenticated client access to such VLANs if the client is capable of operating in a tagged
VLAN environment. To avoid possible security breaches, HP recommends that you not allow a tagged
VLAN membership on a port configured for 802.1X Open VLAN mode unless you use the tagged VLAN
as the Unauthorized-Client VLAN.
Use Models for 802.1X Open VLAN Modes
You can apply the 802.1X Open VLAN mode in more than one way. Depending on your use, you will
need to create one or two static VLANs on the switch for exclusive use by per-port 802.1X Open VLAN
mode authentication:
need to create one or two static VLANs on the switch for exclusive use by per-port 802.1X Open VLAN
mode authentication:
■
Unauthorized-Client VLAN:
Configure this VLAN when unauthenticated, friendly clients
will need access to some services before being authenticated.
■
Authorized-Client VLAN:
Configure this VLAN for authenticated clients when the port is
not statically configured as an untagged member of a VLAN you want clients to use, or when
the port is statically configured as an untagged member of a VLAN you do not want clients
to use. (A port can be configured as untagged on only one VLAN. When an Authorized-Client
VLAN is configured, it will always be untagged and will block the port from using a statically
configured, untagged membership in another VLAN.)
the port is statically configured as an untagged member of a VLAN you do not want clients
to use. (A port can be configured as untagged on only one VLAN. When an Authorized-Client
VLAN is configured, it will always be untagged and will block the port from using a statically
configured, untagged membership in another VLAN.)