BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
BMD00113, September 2009 Chapter 3: Port-Based Network Access Control 81
EAPoL Port States
The state of the port determines whether the client is granted access to the network, as follows:
Unauthorized
While in this state the port discards all ingress and egress traffic except EAP packets.
Authorized
When the client is successfully authenticated, the port transitions to the authorized state
allowing all traffic to and from the client to flow normally.
Force Unauthorized
You can configure this state that denies all access to the port.
Force Authorized
You can configure this state that allows full access to the port.
Use the 802.1X Global Configuration Menu (/cfg/l2/8021x/global) to configure 802.1X
authentication for all ports in the switch. Use the 802.1X Port Menu
(/cfg/l2/8021x/port <x>) to configure a single port.
Guest VLAN
The guest VLAN provides limited access to unauthenticated ports. Use the following command to
configure a guest VLAN: /cfg/l2/8021x/global/gvlan
Client ports that have not received an EAPOL response are placed into the Guest VLAN, if one is
configured on the switch. Once the port is authenticated, it is moved from the Guest VLAN to its
configured VLAN.
When Guest VLAN enabled, the following considerations apply while a port is in the
unauthenticated state:
The port is placed in the guest VLAN.
The Port VLAN ID (PVID) is changed to the Guest VLAN ID.
Port tagging is disabled on the port.