ProCurve Series 2300 and 2500 Switches Release Notes

Enhancements in Release F.05.xx
Configuring Port-Based Access Control (802.1x)
Terminology
802.1x-Aware: Refers to a device that is running either 802.1x authenticator software or 802.1x client
software and is capable of interacting with other devices on the basis of the IEEE 802.1x standard.
Authorized-Client VLAN: Like the Unauthorized-Client VLAN, this is a conventional, static VLAN
previously configured on the switch by the System Administrator. The intent in using this VLAN
is to provide authenticated clients with network services that are not available on either the port’s
statically configured VLAN memberships or any VLAN memberships that may be assigned during
the RADIUS authentication process. While an 802.1x port is a member of this VLAN, the port is
untagged. When the client connection terminates, the port drops its membership in this VLAN.
Authentication Server: The entity providing an authentication service to the switch when the
switch is configured to operate as an authenticator. In the case of a Series 2500 switch running
802.1x, this is a RADIUS server (unless local authentication is used, in which case the switch
performs this function using its own username and password for authenticating a supplicant).
Authenticator: In HP ProCurve switch applications, a device such as a Series 2500 switch that
requires a supplicant to provide the proper credentials (username and password) before being
allowed access to the network.
CHAP (MD5): Challenge Handshake Authentication Protocol.
Client: In this application, an end-node device such as a management station, workstation, or mobile
PC linked to the switch through a point-to-point LAN link.
EAP (Extensible Authentication Protocol): EAP enables network access that supports multiple
authentication methods.
EAPOL: Extensible Authentication Protocol Over LAN, as defined in the 802.1x standard.
Friendly Client: A client that does not pose a security risk if given access to the switch and your
network.
MD5: An algorithm for calculating a unique digital signature over a stream of bytes. It is used by
CHAP to perform authentication without revealing the shared secret (password).
PVID (Port VID): This is the VLAN ID for the untagged VLAN to which an 802.1x port belongs.
Static VLAN: A VLAN that has been configured as “permanent” on the switch by using the CLI vlan
< vid > command or the Menu interface.
Supplicant: The entity that must provide the proper credentials to the switch before receiving access
to the network. This is usually an end-user workstation, but it can be a switch, router, or another
device seeking network services.
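
The CHAP (MD5) and MD5 entries above describe authenticating without revealing the shared secret. The following is an added example, not taken from the HP release notes or the switch software, showing the RFC 1994 CHAP computation, in which the response is the MD5 hash of the identifier, the secret and the challenge. The function names are hypothetical and the secret is a constructed sample value.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Supplicant side (RFC 1994): MD5 over identifier || secret || challenge."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single octet")
    if not challenge:
        raise ValueError("challenge must not be empty")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_response(identifier: int, secret: bytes,
                    challenge: bytes, response: bytes) -> bool:
    """Authentication-server side: recompute from its own copy of the secret."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


def run_exchange(server_secret: bytes, client_secret: bytes) -> dict:
    """One challenge/response round, then a replay of the old response."""
    ident, challenge = 1, os.urandom(16)          # fresh random challenge
    response = chap_response(ident, client_secret, challenge)
    accepted = verify_response(ident, server_secret, challenge, response)

    # A captured response is useless against the next challenge, because
    # the identifier and challenge bytes feeding the hash have changed.
    ident2, challenge2 = 2, os.urandom(16)
    replay_accepted = verify_response(ident2, server_secret, challenge2, response)

    # Only these values cross the link; the secret itself never does.
    on_the_wire = (ident, challenge, response)
    return {"accepted": accepted,
            "replay_accepted": replay_accepted,
            "on_the_wire": on_the_wire}


if __name__ == "__main__":
    secret = b"constructed-shared-secret"              # constructed sample value
    print(run_exchange(secret, secret))               # matching secrets
    print(run_exchange(secret, b"wrong-secret")["accepted"])  # mismatch
```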