Authentication status | VLAN manipulation |
No 802.1X user has | The device assigns the 802.1X guest VLAN to the port as the PVID. All |
performed authentication | 802.1X users on this port can access only resources in the guest VLAN. |
within 90 seconds after | If no 802.1X guest VLAN is configured, the access device does not |
802.1X is enabled. | perform any VLAN operation. |
|
|
| If an 802.1X |
A user in the 802.1X guest | device assigns the |
VLAN fails 802.1X | port can access only resources in the |
authentication. | If no |
| guest VLAN. All users on the port are in the guest VLAN. |
|
|
| • The device assigns the VLAN specified for the user to the port as the |
| PVID, and removes the port from the 802.1X guest VLAN. After the |
A user in the 802.1X guest | user logs off, the user configured PVID restores. |
VLAN passes 802.1X | • If the authentication server assigns no VLAN, the user configured PVID |
authentication. | applies. The user and all subsequent 802.1X users are assigned to the |
| |
| unchanged. |
|
|
•On a port that performs
Authentication status | VLAN manipulation | |
A user has not passed | The device creates a mapping between the MAC address of the user and | |
the 802.1X guest VLAN. The user can access resources in the guest | ||
802.1X authentication yet. | ||
VLAN. | ||
| ||
|
| |
| If an 802.1X | |
A user in the 802.1X guest | address of the user to the | |
VLAN fails 802.1X | resources in the | |
authentication. | If no 802.1X | |
| VLAN. |
A user in the 802.1X guest VLAN passes 802.1X authentication.
The device remaps the MAC address of the user to the authorized VLAN.
If the authentication server assigns no authorized VLAN, the device remaps the MAC address of the user to the initial PVID on the port.
To use the 802.1X guest VLAN function on a port that performs
The network device assigns a hybrid port to an 802.1X guest VLAN as an untagged member.
You can configure an
The
•On a port that performs
330