![]() The quiet-period timer will not fire if an unauth-vid is configured and the client transitions into the 'guest' state. Beware using guest VLANs with mac-based authentication and dynamic VLAN assignment That is, when the client connects and either: The RADIUS server returns an Access-Reject, or the RADIUS server is Unreachable, the switch will retry authentication after quiet-period seconds. In normal operation the switch will attempt to authenticate the client every quiet-period (a configurable period measured in seconds). Note: A hashed version of the SRC address is also inserted into the CHAP-Password attribute of Access-Request packets. The RADIUS server can then check the User-Name against a list of authorised Mac-Addresses. When the switch receives a ethernet frame from a client which has not yet been authenticated, it copies the value of the ethernet SRC address field into the User-Name attribute of an Access-Request packet. When the user submits their credentials, a hash of the password is then written to the CHAP-Password attribute. The switch provides a local captive portal for credential entry. The content on this page refers to HP ProCurve switches only, not switching products from companies acquired by HP (3Com, H3C, Aruba).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |