HP Tech Conference 2008 - Day 3

Convergence and Security on the Network (Jeffery Carrell)

  • EAP is the layer two part: until you authenticate with EAP, the port won't allow any layer three traffic.
  • Most VoIP phones and some network printers have built-in support for 802.1x (but often only weaker EAP methods).
  • If you are assigning VLANs from RADIUS, the best plan is to configure the client ports on a dead VLAN (e.g. no access to anything); once the client is authenticated, the switch will add the port to the assigned VLAN as untagged.
  • If you aren't assigning VLANs from RADIUS, then you can configure the switch to change the port's VLAN on a successful authentication.
  • Originally 802.1x made no provision for handing out tagged VLANs from RADIUS; this is now supported through RFC 4675 (still not widely supported though).
  • You can do all the same VLAN provisioning with MAC based authorisation instead of full user/pass authentication.
  • Apparently WPA2 supports a non-shared key method which isn't 802.1x ... investigate!
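
The VLAN assignment rules in the list above, as an added Python sketch (not from the talk and not HP switch code): it maps an authentication result to port VLAN membership using the RFC 3580 tunnel attributes for the untagged VLAN and RFC 4675 Egress-VLANID values for tagged ones. The attribute dictionary layout, the `DEAD_VLAN` number, the `auth_vlan` parameter and the choice to fall back to the dead VLAN on malformed attributes are assumptions.

```python
DEAD_VLAN = 999  # assumption: isolated VLAN with no access to anything

def decode_egress_vlanid(value):
    """RFC 4675 Egress-VLANID: tag octet (0x31 tagged, 0x32 untagged),
    12 zero pad bits, 12-bit VLAN ID. Returns (vid, is_tagged)."""
    tag, pad, vid = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (0x31, 0x32) or pad != 0 or not 1 <= vid <= 4094:
        raise ValueError(f"malformed Egress-VLANID {value:#010x}")
    return vid, tag == 0x31

def port_vlans(accepted, attrs, auth_vlan=None):
    """Return (untagged_vid, sorted tagged vids) for a client port.

    accepted  -- True if RADIUS returned Access-Accept
    attrs     -- decoded reply attributes (hypothetical dict layout)
    auth_vlan -- static VLAN the switch applies on success when RADIUS
                 assigns none; None if no such VLAN is configured
    """
    if not accepted:
        return DEAD_VLAN, []
    try:
        untagged, tagged = None, set()
        # RFC 3580: Tunnel-Type=13 (VLAN), Tunnel-Medium-Type=6 (802)
        if attrs.get("Tunnel-Type") == 13 and attrs.get("Tunnel-Medium-Type") == 6:
            untagged = int(attrs["Tunnel-Private-Group-ID"])
            if not 1 <= untagged <= 4094:
                raise ValueError("VLAN ID out of range")
        for raw in attrs.get("Egress-VLANID", []):
            vid, is_tagged = decode_egress_vlanid(raw)
            if is_tagged:
                tagged.add(vid)
            elif untagged in (None, vid):
                untagged = vid
            else:
                raise ValueError("two different untagged VLANs")
        if untagged in tagged:
            raise ValueError("VLAN both tagged and untagged")
    except (KeyError, ValueError):
        return DEAD_VLAN, []  # assumed policy: bad attributes grant nothing
    if untagged is None:
        untagged = auth_vlan if auth_vlan is not None else DEAD_VLAN
    return untagged, sorted(tagged)

# Constructed sample reply: untagged data VLAN 20, tagged voice VLAN 40.
SAMPLE = {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6,
          "Tunnel-Private-Group-ID": "20", "Egress-VLANID": [0x31000028]}

if __name__ == "__main__":
    print(port_vlans(True, SAMPLE))
```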

HP Integrated Citrix XenServer on HP Proliant Servers (Chris Lynch, Brian Taylor & Aaron Olbrych)

  • HP has their own version of XenServer called "HP Select"
  • "HP Select" integrates with Proliant virtual console so you can get "KVM" access to your VMs
  • "PV Guest" = paravirtualised OS (modified kernel)
  • "HVM Guest" = hardware-virtualised OS (non-modified kernel, requires Intel VT or AMD-V chipsets)
  • SMP (Server Migration Pack) v3.5 supports XenServer (physical/virtual to physical/virtual on Proliant hardware)
  • Blah blah marketing blah blah.