Configuring Port-Based Access Control (802.1x)
member of that VLAN as long as at least one other port on the switch is
statically configured as a tagged or untagged member of the same
Unauthorized-Client VLAN.
Untagged VLAN Membership: A port can be an untagged member of only
one VLAN. (In the factory-default configuration, all ports on the switch
are untagged members of the default VLAN.) An untagged VLAN membership
is required for a client that does not support 802.1q VLAN tagging. A
port can simultaneously have one untagged VLAN membership and
multiple tagged VLAN memberships. Depending on how you configure
802.1x Open VLAN mode for a port, a statically configured, untagged
VLAN membership may become unavailable while there is a client session
on the port. See also “Tagged VLAN Membership”.
General Operating Rules and Notes
■ When a port on the switch is configured as either an authenticator or
supplicant and is connected to another device, rebooting the switch
causes a re-authentication of the link.
■ When a port on the switch is configured as an authenticator, it will block
access to a client that either does not provide the proper authentication
credentials or is not 802.1x-aware. (You can use the optional 802.1x Open
VLAN mode to open a path for downloading 802.1x supplicant software
to a client, which enables the client to initiate the authentication
procedure. Refer to “802.1x Open VLAN Mode” on page 9-20.)
■ If a port on switch “A” is configured as an 802.1x supplicant and is
connected to a port on another switch, “B”, that is not 802.1x-aware,
access to switch “B” will occur without 802.1x security protection.
■ You can configure a port as both an 802.1x authenticator and an 802.1x
supplicant.
■ If a port on switch “A” is configured as both an 802.1x authenticator and
supplicant and is connected to a port on another switch, “B”, that is not
802.1x-aware, access to switch “B” will occur without 802.1x security
protection, but switch “B” will not be allowed access to switch “A”. This
means that traffic on this link between the two switches will flow from
“A” to “B”, but not the reverse.
■ If a client already has access to a switch port when you configure the port
for 802.1x authenticator operation, the port will block the client from
further network access until it can be authenticated.