HP procurve 2500 사용자 설명서

47    

Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60

Open VLAN Mode with Only an Unauthorized-Client VLAN Configured:

• When the port detects a client, it automatically becomes an 

untagged member of this VLAN. To limit security risks, the network 
services and access available on this VLAN should include only 
what a client needs to enable an authentication session. If the port 
is statically configured as an untagged member of another VLAN, 
the switch temporarily removes the port from membership in this 
other VLAN while membership in the Unauthorized-Client VLAN 
exists. 

• After the client is authenticated, and if the port is statically 

configured as an untagged member of another VLAN, the port’s 
access to this other VLAN is restored.

• If the port is statically configured as a tagged member of a VLAN 

that is not used by 802.1X Open VLAN mode, an unauthenticated 
client capable of operating in tagged VLANs can access this 
VLAN. Refer to the Caution on page 45.

Note: If RADIUS authentication assigns a VLAN to the port, this 
assignment overrides any statically configured, untagged VLAN 
membership on the port (while the client is connected). 

Open VLAN Mode with Only an Authorized-Client VLAN Configured:

• Port automatically blocks a client that cannot initiate an 

authentication session.

• If the client successfully completes an authentication session, the 

port becomes an untagged member of this VLAN. 

• If the port is statically configured as a tagged member of any other 

VLANs, an authenticated client capable of operating in a tagged 
VLAN environment can access these VLANs. 

Note: If RADIUS authentication assigns a VLAN, the port temporarily 
becomes a member of the RADIUS-assigned VLAN —instead of the 
Authorized-Client VLAN—while the client is connected.