Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

802.1X Open VLAN Mode

802.1X Authentication Commands

page 38

802.1X Supplicant Commands

page 58

802.1X Open VLAN Mode Commands

 

[no] aaa port-access authenticator [e] < port-list>

page 53

[auth-vid < vlan-id>]

 

[unauth-vid < vlan-id>]

 

802.1X-Related Show Commands

page 61

RADIUS server configuration

pages 43

 

 

This section describes how to use the 802.1X Open VLAN mode to configure unauthorized-client and authorized-client VLANs on ports configured as 802.1X authenticators.

Introduction

Configuring the 802.1X Open VLAN mode on a port changes how the port responds when it detects a new client. In earlier releases, a “friendly” client computer not running 802.1X supplicant software could not be authenticated on a port protected by 802.1X access security. As a result, the port would become blocked and the client could not access the network. This prevented the client from:

Acquiring IP addressing from a DHCP server

Downloading the 802.1X supplicant software necessary for an authentication session

The 802.1X Open VLAN mode solves this problem by temporarily suspending the port’s static, untagged VLAN membership and placing the port in a designated Unauthorized-Client VLAN. In this state the client can proceed with initialization services, such as acquiring IP addressing and 802.1X software, and starting the authentication process. Following authentication, the port drops its temporary (untagged) membership in the Unauthorized-Client VLAN and joins (or rejoins) one of the following as an untagged member:

1st Priority: The port joins a VLAN to which it has been assigned by a RADIUS server during authentication.

2nd Priority: If RADIUS authentication does not include assigning a VLAN to the port, then the switch assigns the port to the VLAN entered in the port’s 802.1X configuration as an Authorized-ClientVLAN, if configured.

44