Configuring Port-Based and User-Based Access Control (802.1X)

General 802.1X Authenticator Operation

[Flowchart. Start: New Client Authenticated. Decision points: RADIUS-Assigned VLAN? / Authorized VLAN Configured? / Another (Old) Client Already Using Port? / New Client VLAN Same As Old Client VLAN? / Untagged VLAN Configured On Port? / Are All Old Clients On Unauthorized VLAN? Outcomes: Assign New Client to RADIUS-Specified VLAN / Assign New Client to Authorized VLAN Configured on Port / Accept New Client On Port / Assign New Client to Untagged VLAN Configured On Port / Drop All Clients Using Unauthorized VLAN / Reject New Client On Port.]

Figure 10-1. Priority of VLAN Assignment for an Authenticated Client
