Convergence and Security on the Network (Jeffery Carrell)
- EAP is the layer two part, until you authenticate with EAP the port won't allow any layer three traffic.
- Most VOIP phones and some network printers have built in support for 802.1x (but often only weaker EAP methods).
- If you are assigning VLANs from Radius the best plan is to configure the client ports on a dead VLAN (eg. no access to anything), then once the client is authenticated it will add the port as an untagged VLAN.
- If you aren't assigning VLANs from Radius then you can configure the switch to change the ports VLAN on a successful authentication.
- Originally 802.1x made no provision for handing out tagged VLANs from Radius, this is now supported through RFC4675 (still not widely supported though).
- You can do all the same VLAN provisioning with MAC based authorisation instead of full user/pass authentication.
- Apparently WPA2 supports a non-shared key method which isn't 802.1x ... investigate!
HP Integrated Citrix XenServer on HP Proliant Servers (Chris Lynch, Brian Taylor & Aaron Olbrych)
- HP has their on version of XenServer caled "HP Select"
- "HP Select" integrates with Proliant virtual console so you can get "KVM" access to your VMs
- "PV Guest" = paravirtualised OS (modified kernel)
- "HVM Guest" = hardware-virtualised OS (non-modified kernel, requires Intel VT or AMD-V chipsets)
- SMP (Server Migration Pack) v3.5 supports XenServer (physical/virtual to physical/virtual on Proliant hardwre)
- Blah blah marketing blah blah.