EasyManuals Logo
Home>HP>Switch>J8697A

HP J8697A User Manual

HP J8697A
778 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #281 background image
6-47
RADIUS Authentication, Authorization, and Accounting
VLAN Assignment in an Authentication Session
VLAN Assignment in an Authentication
Session
A switch supports concurrent 802.1X and either Web- or MAC-authentication
sessions on a port (with up to 32 clients allowed). If you have configured
RADIUS as the primary authentication method for a type of access, when a
client authenticates on a port, the RADIUS server assigns an untagged VLAN
that is statically configured on the switch for use in the authentication session.
(For information on how to configure a user profile on a RADIUS server with
the VLAN to be assigned for 802.1X, Web, or MAC authentication, refer to the
documentation provided with the RADIUS server application.)
If a switch port is configured to accept multiple 802.1X and/or Web- or MAC-
Authentication client sessions, all authenticated clients must use the same
port-based, untagged VLAN membership assigned for the earliest, currently
active client session. On a port where one or more authenticated client
sessions are already running, all clients are on the same untagged VLAN
(unless MAC-based VLANs are enabled. Please see “MAC-Based VLANs” on
page 6-51). If the RADIUS server subsequently authenticates a new client, but
attempts to re-assign the port to a different, untagged VLAN than the one
already in use for the previously existing, authenticated client sessions, the
connection for the new client will fail.
Tagged and Untagged VLAN Attributes
When you configure a user profile on a RADIUS server to assign a VLAN to an
authenticated client, you can use either the VLAN’s name or VLAN ID (VID)
number. For example, if a VLAN configured in the switch has a VID of 100 and
is named vlan100, you could configure the RADIUS server to use either “100”
or “vlan100” to specify the VLAN.
After the RADIUS server validates a client’s username and password, the
RADIUS server returns an Access-Accept packet that contains the VLAN
assignment and the following attributes for use in the authentication session:
Egress-VLANID: Configures an optional, egress VLAN ID for either
tagged or untagged packets (RFC 4675).
Egress-VLAN-Name: Configures an optional, egress VLAN for either
tagged or untagged packets when the VLAN ID is not known (RFC
4675).

Table of Contents

Other manuals for HP J8697A

Preview: Advanced Traffic Management Guide
Advanced Traffic Management Guide460 pages
Preview: Installation Guide
Installation Guide56 pages
Preview: Planning And Implementation Guide
Planning And Implementation Guide58 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP J8697A and is the answer not in the manual?

HP J8697A Specifications

General IconGeneral
BrandHP
ModelJ8697A
CategorySwitch
LanguageEnglish

Related product manuals