HP (Hewlett-Packard) Q.11. (2510-24) ユーザーズマニュアル
8-7
Configuring Port-Based and Client-Based Access Control (802.1X)
Terminology
Terminology
802.1X-Aware:
Refers to a device that is running either 802.1X authenticator
software or 802.1X client software and is capable of interacting with other
devices on the basis of the IEEE 802.1X standard.
devices on the basis of the IEEE 802.1X standard.
Authorized-Client VLAN:
Like the Unauthorized-Client VLAN, this is a
conventional, static VLAN previously configured on the switch by the
System Administrator. The intent in using this VLAN is to provide authen-
ticated clients with network services that are not available on either the
port’s statically configured VLAN memberships or any VLAN member-
ships that may be assigned during the RADIUS authentication process.
While an 802.1X port is a member of this VLAN, the port is untagged. When
a port loses its authenticated client connection, it drops its membership
in this VLAN. Note that with multiple clients on a port, all such clients use
the same untagged, port-based VLAN membership.
System Administrator. The intent in using this VLAN is to provide authen-
ticated clients with network services that are not available on either the
port’s statically configured VLAN memberships or any VLAN member-
ships that may be assigned during the RADIUS authentication process.
While an 802.1X port is a member of this VLAN, the port is untagged. When
a port loses its authenticated client connection, it drops its membership
in this VLAN. Note that with multiple clients on a port, all such clients use
the same untagged, port-based VLAN membership.
Authentication Server:
The entity providing an authentication service to
the switch when the switch is configured to operate as an authenticator.
In the case of a switch running 802.1X, this is a RADIUS server (unless
local authentication is used, in which case the switch performs this
function using its own username and password for authenticating a
supplicant).
In the case of a switch running 802.1X, this is a RADIUS server (unless
local authentication is used, in which case the switch performs this
function using its own username and password for authenticating a
supplicant).
Authenticator:
In ProCurve applications, a switch that requires a supplicant
to provide the proper credentials before being allowed access to the
network.
network.
CHAP (MD5):
Challenge Handshake Authentication Protocol.
Client:
In this application, an end-node device such as a management station,
workstation, or mobile PC linked to the switch through a point-to-point
LAN link.
LAN link.
Client-Based Authentication:
The 802.1X extension in the switches cov-
ered in this guide. In this operation, multiple clients on the same port must
individually authenticate themselves.
individually authenticate themselves.
Guest VLAN:
See “Unauthorized-Client VLAN”.
EAP
(Extensible Authentication Protocol): EAP enables network access that
supports multiple authentication methods.