HP procurve 2500 사용자 설명서

    46

Enhancements in Release F.05.05 through F.05.60

No Open VLAN mode:

The port automatically blocks a client that cannot initiate an authen-
tication session.

Open VLAN mode with both of the following configured:

Unauthorized-Client VLAN

• When the port detects a client, it automatically becomes an 

untagged member of this VLAN. If you previously configured the 
port as a static, tagged member of the VLAN, membership 
temporarily changes to untagged while the client remains 
unauthenticated.

• If the port already has a statically configured, untagged 

membership in another VLAN, then the port temporarily closes 
access to this other VLAN while in the Unauthorized-Client VLAN.

• To limit security risks, the network services and access available 

on the Unauthorized-Client VLAN should include only what a client 
needs to enable an authentication session. If the port is statically 
configured as a tagged member of any other VLANs, access to 
these VLANs remains open, even though the client may not be 
authenticated. Refer to the Caution on page 45.

Authorized-Client VLAN

• After the client is authenticated, the port drops membership in the 

Unauthorized-Client VLAN and becomes an untagged member of 
this VLAN.

Note: If RADIUS authentication assigns a VLAN, the port 
temporarily becomes a member of the RADIUS-assigned VLAN 
—instead of the Authorized-Client VLAN—while the client is 
connected. 

• If the port is statically configured as a tagged member of a VLAN, 

and this VLAN is used as the Authorized-Client VLAN, then the port 
temporarily becomes an untagged member of this VLAN when the 
client becomes authenticated. When the client disconnects, the 
port returns to tagged membership in this VLAN. 

• If the port is statically configured as a tagged member of a VLAN 

that is not used by 802.1X Open VLAN mode, an unauthenticated 
client capable of operating in tagged VLANs has access to this 
VLAN. Refer to the Caution on page 45.