Installation guide

Software Fixes in Releases Y.11.01 - Y.11.16
Release Y.11.12
access mac-based functions. Software versions that contain this fix will not allow this
configuration conflict at the CLI. Existing configurations will be altered by this fix, and an
error will be reported at the switch CLI and event log.
Best Practice Tip: 802.1X should not have an unauthenticated VLAN setting when it works
concurrently with Web-based or MAC-based authentication if the unauth-period in 802.1X is zero
(the default value). Recall that the unauth-period is the time that 802.1X will wait for
authentication completion before the client will be authorized on an unauthenticated VLAN. If
802.1X is associated with an unauthenticated VLAN when the unauth-period is zero, Web- or
MAC-auth may not get the opportunity to initiate authentication at all if the first packet from
the client is an 802.1X packet. Alternatively, if the first packet sent was not 802.1X, Web- or
MAC-auth could be initiated before 802.1X places the user in the unauthenticated VLAN. When
Web- or MAC-auth then completes successfully, it will be awaiting traffic from the client (to
enable VLAN assignment), but that traffic will be restricted to the unauthenticated VLAN, and
thus the client will remain there.
If a MAC- or Web-based configuration on a port is associated with an unauth-VID, and an attempt
is made to configure an unauth-VID for 802.1X (port-access authenticator), the switch with this
fix will reject the configuration change with a message similar to one of the following.
Message 1 (when an unauth-vid config is attempted on a port with an existing Web- or MAC-auth
unauth-vid):
Configuration change denied for port <number>. Only Web or
MACauthenticator can have unauthenticated VLAN enabled if 802.1X
authenticator is enabled on the same port. Please disable Web and
MAC authentication on this port using the following commands:
"no aaa port-access web-based <PORT-LIST>" or
"no aaa port-access mac-based <PORT-LIST>"
Then you can enable 802.1X authentication with unauthenticated
VLAN. You can re-enable Web and/or MAC authentication after you
remove the unauthenticated VLAN from 802.1X. Note that you can
set unauthenticated VLAN for Web or MAC authentication instead.
Message 2 (when an unauth-vid config is attempted on a port with an existing 802.1X unauth-vid):
Configuration change denied for port <number>. Only Web or MAC-
authenticator can have unauthenticated VLAN enabled if 802.1X
authenticator is enabled on the same port. Please remove the
unauthenticated VLAN from 802.1X authentication on this port using
the following command:
"no aaa port-access authenticator <PORT-LIST> unauth-vid"
Note that you can set unauthenticated VLAN for Web or MAC
authentication instead.
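
The overlap described in the Best Practice Tip, and rejected by this fix, can be checked offline against a saved configuration before upgrading. The following Python script is an added example, not part of the release notes or the switch software; the running-config line forms and the sample configuration are constructed assumptions based on the commands quoted in the messages above.

```python
import re
from collections import defaultdict

# Constructed sample config; line forms assumed from the commands quoted above.
SAMPLE_CONFIG = """\
aaa port-access authenticator 1-4
aaa port-access authenticator 1-3 unauth-vid 99
aaa port-access authenticator 2 unauth-period 30
aaa port-access authenticator 4 unauth-vid 99
aaa port-access mac-based 1-3
aaa port-access mac-based 1 unauth-vid 98
aaa port-access web-based 5
aaa port-access web-based 5 unauth-vid 98
"""

LINE = re.compile(r"^aaa port-access (authenticator|web-based|mac-based) "
                  r"([A-Za-z]?\d[\w,-]*)(?: (\S+) (\d+))?$")

def expand_ports(port_list):
    """Expand '1-3,7' or 'A1-A3' into individual port names."""
    ports = []
    for part in port_list.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)(?:-\1(\d+))?", part)
        if not m:
            raise ValueError(f"unrecognised port spec: {part!r}")
        first, last = int(m.group(2)), int(m.group(3) or m.group(2))
        ports += [f"{m.group(1)}{n}" for n in range(first, last + 1)]
    return ports

def audit(config):
    """Map port -> finding for the unauth-VLAN overlap described in the tip."""
    state = defaultdict(dict)  # port -> {(method, option): value}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unrelated line, or an option this audit ignores
        method, port_list, option, value = m.groups()
        for port in expand_ports(port_list):
            state[port][(method, option or "enabled")] = int(value or 1)
    findings = {}
    for port, s in state.items():
        others = [x for x in ("web-based", "mac-based") if (x, "enabled") in s]
        if ("authenticator", "unauth-vid") not in s or not others:
            continue
        if any((x, "unauth-vid") in s for x in others):
            findings[port] = "conflict: unauth-vid on both 802.1X and Web/MAC-auth"
        elif s.get(("authenticator", "unauth-period"), 0) == 0:
            findings[port] = "risk: 802.1X unauth-vid with unauth-period 0"
    return findings
```

On the sample, port 1 is reported as a conflict (the combination this fix rejects) and port 3 as a risk (the case the tip warns about); port 2 is not reported because its unauth-period is non-zero.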