Configuring Port-Based and User-Based Access Control (802.1X)
802.1X Open VLAN Mode
Introduction
This section describes how to use the 802.1X Open VLAN mode to provide a
path for clients that need to acquire 802.1X supplicant software before
proceeding with the authentication process. The Open VLAN mode involves
options for configuring unauthorized-client and authorized-client VLANs on
ports configured as 802.1X authenticators.
Configuring the 802.1X Open VLAN mode on a port changes how the port
responds when it detects a new client by temporarily suspending the port’s
static VLAN memberships and placing the port in a designated Unauthorized-
Client VLAN (sometimes termed a guest VLAN). In this state the client can
proceed with initialization services, such as acquiring IP addressing and
802.1X client software, and starting the authentication process.
Note: On ports configured to allow multiple sessions using 802.1X user-based access
control, all clients must use the same untagged VLAN. On a given port where
there are no currently active, authenticated clients, the first authenticated
client determines the untagged VLAN in which the port will operate for all
subsequent, overlapping client sessions.
If the switch operates in an environment where some valid clients will not be
running 802.1X supplicant software and need to download it from your
network, then allowing multiple clients on an 802.1X port can result in
blocking some or all clients needing to use the Unauthorized-Client VLAN.
This is because such clients would need to use the Unauthorized-Client VLAN,
while authenticated clients would be using a different VLAN (for security
reasons).
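A check for the conflict described in the note above, as an added example that is not part of the original guide: it scans a saved configuration for ports that combine an Unauthorized-Client VLAN with multi-client operation, or that use the same VLAN for unauth-vid and auth-vid. The function names, the sample configuration, the numeric-only port lists and the client-limit keyword (used here to mark user-based multi-client ports) are assumptions; only auth-vid and unauth-vid come from this section.

```python
import re

# Constructed sample configuration excerpt (not from the guide). The
# client-limit keyword is an assumption; this section shows only the
# auth-vid and unauth-vid options.
SAMPLE_CONFIG = """\
aaa port-access authenticator 1-4
aaa port-access authenticator 1-4 unauth-vid 100
aaa port-access authenticator 1-4 auth-vid 200
aaa port-access authenticator 3-4 client-limit 4
aaa port-access authenticator 7 unauth-vid 100
aaa port-access authenticator 7 auth-vid 100
aaa port-access authenticator 9 client-limit 2
"""

LINE_RE = re.compile(
    r"^aaa port-access authenticator (?P<ports>[\d,\-]+)"
    r"(?: (?P<key>auth-vid|unauth-vid|client-limit) (?P<val>\d+))?\s*$"
)

def expand_ports(spec):
    """Expand a numeric port list such as '1-4,7' into [1, 2, 3, 4, 7]."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_open_vlan(config_text):
    """Return {port: [findings]} for Open VLAN settings that need review."""
    settings = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authenticator line
        for port in expand_ports(m["ports"]):
            entry = settings.setdefault(port, {})
            if m["key"]:
                entry[m["key"]] = int(m["val"])
    findings = {}
    for port, s in sorted(settings.items()):
        issues = []
        if "unauth-vid" in s and s.get("client-limit", 1) > 1:
            issues.append("multi-client port with unauth-vid: clients needing it may be blocked")
        if "unauth-vid" in s and s.get("auth-vid") == s["unauth-vid"]:
            issues.append("auth-vid equals unauth-vid: authenticated clients are not separated")
        if issues:
            findings[port] = issues
    return findings
```
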
802.1X Authentication Commands                         page 13-17
802.1X Supplicant Commands                             page 13-53
802.1X Open VLAN Mode Commands
    [no] aaa port-access authenticator < port-list >   page 13-47
        [auth-vid < vlan-id >]
        [unauth-vid < vlan-id >]
802.1X-Related Show Commands                           page 13-55
RADIUS server configuration                            pages 13-25