Access Security Guide K/KA/KB.15.15

VLAN configured on the port (as described in the preceding bullet and in “Example of untagged
VLAN assignment in a RADIUS-based authentication session” (page 354)), the disabled VLAN
assignment is not advertised. When the authentication session ends, the switch:

  • Removes the temporary untagged VLAN assignment and stops advertising it.
  • Re-activates and resumes advertising the temporarily disabled, untagged VLAN assignment.

If you modify a VLAN ID configuration on a port during an 802.1X, MAC, or Web
authentication session, the changes do not take effect until the session ends.

When a switch port is configured with RADIUS-based authentication to accept multiple 802.1X
and/or MAC or Web authentication client sessions, all authenticated clients must use the same
port-based, untagged VLAN membership assigned for the earliest, currently active client
session. Therefore, on a port where one or more authenticated client sessions are already
running, all such clients are on the same untagged VLAN (unless MAC-based VLANs are
enabled. See “MAC-based VLANs” (page 197)). If a RADIUS server subsequently authenticates
a new client, but attempts to re-assign the port to a different, untagged VLAN than the one
already in use for the previously existing, authenticated client sessions, the connection for the
new client will fail.
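
The rules above can be replayed against a planned RADIUS policy to find the clients that would be refused on a shared port. The following Python model is an added illustration, not code from this guide or from the switch software; the class and function names, the MAC addresses and the VLAN IDs are constructed. It assumes every session carries a RADIUS-assigned untagged VLAN, that the temporary assignment stays in place until the last session on the port ends, and that MAC-based VLANs are not enabled.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    """Simplified model of one authenticator port (hypothetical, for illustration)."""
    static_untagged_vlan: int                     # statically configured untagged VLAN
    sessions: dict = field(default_factory=dict)  # client MAC -> RADIUS-assigned VLAN

    @property
    def active_untagged_vlan(self) -> int:
        """Untagged VLAN the port is currently using and advertising."""
        if self.sessions:
            # dicts keep insertion order, so the first value belongs to the
            # earliest session that is still active.
            return next(iter(self.sessions.values()))
        # No sessions left: the temporarily disabled static VLAN is re-activated.
        return self.static_untagged_vlan

    def authenticate(self, mac: str, radius_vlan: int) -> bool:
        """Return True if the client is admitted, False if its connection fails."""
        if self.sessions and radius_vlan != self.active_untagged_vlan:
            return False  # RADIUS tried to move the port to a different untagged VLAN
        self.sessions[mac] = radius_vlan
        return True

    def end_session(self, mac: str) -> None:
        self.sessions.pop(mac, None)


def find_conflicts(static_vlan: int, auth_events: list) -> list:
    """Replay (mac, radius_vlan) logins on one port; return the ones that fail."""
    port = Port(static_vlan)
    return [(mac, vlan) for mac, vlan in auth_events
            if not port.authenticate(mac, vlan)]


if __name__ == "__main__":
    # Constructed sample: three clients behind one port, one with a mismatched VLAN.
    events = [("00:00:5e:00:53:01", 20),
              ("00:00:5e:00:53:02", 30),
              ("00:00:5e:00:53:03", 20)]
    for mac, vlan in find_conflicts(10, events):
        print(f"{mac}: VLAN {vlan} conflicts with the VLAN already in use")
```
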
Messages Related to 802.1X Operation
Table 56 Messages related to 802.1x operation

Message: Port < port-list > is not an authenticator.
Meaning: The ports in the port list have not been enabled as 802.1X authenticators. Use
this command to enable the ports as authenticators:
    HP Switch(config)# aaa port-access authenticator e 10

Message: Port < port-list > is not a supplicant.
Meaning: Occurs when there is an attempt to change the supplicant configuration on a
port that is not currently enabled as a supplicant. Enable the port as a supplicant
and then make the desired supplicant configuration changes. See “Enabling a
Switch Port as a Supplicant” (page 479).

Message: No server(s) responding.
Meaning: This message can appear if you configured the switch for EAP-RADIUS or
CHAP-RADIUS authentication, but the switch does not receive a response from
a RADIUS server. Ensure that the switch is configured to access at least one
RADIUS server. (Use show radius.) If you also see the message Can’t reach
RADIUS server < x.x.x.x >, try the suggestions listed for that message.

Message: LACP has been disabled on 802.1X port(s).
Meaning: To maintain security, LACP is not allowed on ports configured for 802.1X
authenticator operation. If you configure port security on a port on which LACP
(active or passive) is configured, the switch removes the LACP configuration,
displays a notice that LACP is disabled on the port(s), and enables 802.1X on
that port.

Message: Error configuring port < port-number >: LACP and 802.1X cannot be run together.
Meaning: Also, the switch will not allow you to configure LACP on a port on which port
access (802.1X) is enabled.