Access Security Guide K/KA/KB.15.15

well, for example, the Configuration Report. The Wizard utility is not accessible in the Navigation
pane if the setup command is not allowed.
If the user is not authorized to use the WebAgent, the WebAgent displays a blank window with
a message that states “You are not authorized to access Web UI”.
In some cases, there may be authorization to configure a subset of options or values. One of the
following messages may appear:
You are not authorized to configure <value> for <option>
You are authorized to configure only <value_1>, <value_2> values for <option>
You are not authorized to <operation><value>, where <operation> can be
delete/upload/download, and <value> is the configured value.
MAC-based VLANs
MAC-Based VLANs (MBVs) allow multiple clients on a single switch port to receive different untagged
VLAN assignments. VLAN assignment of untagged traffic is based on the source MAC address
rather than the port. Clients receive their untagged VLAN assignment from the RADIUS server. This
feature adheres to the requirement that if all known IDM attributes for a given client cannot be
applied, the authentication request for that client must be rejected.
Both authenticated and unauthenticated clients can reside on the same port on different VLANs,
but only if the mixed-mode configuration is enabled. This is not the default behavior. The normal
operating behavior is to not allow unauthenticated clients on the port when at least one authenticated
client is present on the port. If an unauthenticated client is present on the unauth VLAN and another
client successfully authenticates on that port, the unauthenticated client is kicked off the port.
When an MBV cannot be applied due to a conflict with another client on that port, a message
indicating VID arbitration error is logged.
When an MBV cannot be applied due to lack of resources, a message indicating lack of resources
is logged.
There is no command line support for this feature. The decision to use an MBV is made automatically
if the hardware is capable and if the situation requires it. If multiple clients authenticate on different
untagged VLANs on hardware that does not support MBVs, the switch will reject all clients
authorized on a VLAN different from the first client's VLAN, because the first authenticated client
sets the Port VID (PVID).
This feature has the side effect of allowing egress traffic from one client's VLAN to be accepted by
all untagged clients on that port. For example, suppose that clients A and B are both located on
the same switch port, but on two different VLANs. If client A is subscribing to a multicast stream,
then client B also receives that multicast traffic.
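The admission rules and the egress side effect described above can be traced with a small model. This is an added example, not code from the guide or the switch software; the class, method names, MAC labels and VLAN IDs are constructed, and the model assumes the unauth VLAN itself never causes an MBV conflict.

```python
# Added illustration: a simplified model of the port admission rules described
# above. Names and VLAN IDs are constructed; this is not switch firmware logic.
from dataclasses import dataclass, field

@dataclass
class Port:
    mbv_capable: bool                 # hardware supports MAC-based VLANs
    mixed_mode: bool = False          # off by default, as the guide states
    unauth_vid: int = 99              # constructed unauth VLAN ID
    clients: dict = field(default_factory=dict)  # mac -> (vid, authenticated)

    def pvid(self):
        """VLAN of the first authenticated client, which sets the PVID."""
        return next((v for v, ok in self.clients.values() if ok), None)

    def join_unauth(self, mac):
        """Unauthenticated clients are refused once an authenticated client
        is present, unless mixed-mode is enabled."""
        if self.pvid() is not None and not self.mixed_mode:
            return False
        self.clients[mac] = (self.unauth_vid, False)
        return True

    def authenticate(self, mac, radius_vid):
        """Apply the RADIUS-assigned untagged VLAN or reject the client."""
        first = self.pvid()
        if first not in (None, radius_vid) and not self.mbv_capable:
            return False              # attribute cannot be applied: reject
        self.clients.pop(mac, None)   # re-insert so dict order = auth order
        self.clients[mac] = (radius_vid, True)
        if not self.mixed_mode:       # evict clients still on the unauth VLAN
            self.clients = {m: c for m, c in self.clients.items() if c[1]}
        return True

    def egress_receivers(self, vid):
        """Side effect: untagged egress for any VLAN in use on the port is
        accepted by every untagged client on that port."""
        in_use = {v for v, _ in self.clients.values()}
        return sorted(self.clients) if vid in in_use else []

if __name__ == "__main__":
    port = Port(mbv_capable=True)
    port.authenticate("client-A", 10)
    port.authenticate("client-B", 20)
    print(port.egress_receivers(10))  # both clients, despite different VLANs
```

When planning segmentation, treat clients that share an MBV port as able to see each other's untagged egress traffic, multicast included, even though their VLAN assignments differ.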
Messages related to RADIUS operation
Message: Can’t reach RADIUS server < x.x.x.x >.
Meaning: A designated RADIUS server is not responding to an authentication request. Try pinging
the server to determine whether it is accessible to the switch. If the server is accessible, then
verify that the switch is using the correct encryption key and that the server is correctly
configured to receive an authentication request from the switch.

Message: No server(s) responding.
Meaning: The switch is configured for and attempting RADIUS authentication, however it is not
receiving a response from a RADIUS server. Ensure that the switch is configured to access at least
one RADIUS server. (Use show radius.) If