Security: 802.1X Authentication
Authenticator Overview
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 391
19

Host Modes with Guest VLAN

The host modes work with guest VLAN in the following way:
Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the guest VLAN arriving on
an unauthorized port are bridged via the guest VLAN. All other traffic is
discarded. The traffic belonging to an unauthenticated VLAN is bridged via
the VLAN.
Multi-Sessions Mode in Layer 2
Untagged traffic and tagged traffic, which does not belong to the
unauthenticated VLANs and that arrives from unauthorized clients, are
assigned to the guest VLAN using the TCAM rule and are bridged via the
guest VLAN. The tagged traffic belonging to an unauthenticated VLAN is
bridged via the VLAN.
This mode cannot be configured on the same interface with policy-based
VLANs.
Multi-Sessions Mode in Layer 3
The mode does not support the guest VLAN.
RADIUS VLAN Assignment or Dynamic VLAN A ssignment
An authorized client can be assigned a VLAN by the RADIUS server, if this option
is enabled in the Port Authentication page. This is called either Dynamic VLAN
Assignment (DVA) or RADIUS-Assigned VLAN. In this guide, the term RADIUS-
Assigned VLAN is used.
When a port is in multi-session mode and RADIUS-Assigned VLAN is enabled, the
device automatically adds the port as an untagged member of the VLAN that is
assigned by the RADIUS server during the authentication process. The device
classifies untagged packets to the assigned VLAN if the packets originated from
the devices or ports that are authenticated and authorized.
See Table 3 Guest VLAN Support and RADIUS-VLAN Assignment Support and
The following table describes how authenticated and non-authenticated
traffic is handled in various situations. for further information about how the
different modes behave when RADIUS-Assigned VLAN is enabled on the device.
NOTE RADIUS VLAN assignment is only supported on the Sx500 devices when the
device is in Layer 2 system mode. The SG500X and SG500XG devices act like
Sx500 devices when they are in basic and advanced hybrid stacking mode.