Configuring Port-Based and User-Based Access Control (802.1X)

 

802.1X Open VLAN Mode

 

 

Note

After client authentication, the port resumes membership in any tagged VLANs for which it is configured. If the port is a tagged member of a VLAN used for 1 or 2 listed above, then it also operates as an untagged member of that VLAN while the client is connected. When the client disconnects, the port reverts to tagged membership in the VLAN.

 

Use Models for 802.1X Open VLAN Modes

You can apply the 802.1X Open VLAN mode in more than one way. Depending on your use, you will need to create one or two static VLANs on the switch for exclusive use by per-port 802.1X Open VLAN mode authentication:

 

Unauthorized-Client VLAN: Configure this VLAN when unauthenticated, friendly clients will need access to some services before being authenticated or instead of being authenticated.

 

Authorized-Client VLAN: Configure this VLAN for authenticated clients when the port is not statically configured as an untagged member of a VLAN you want clients to use, or when the port is statically configured as an untagged member of a VLAN you do not want clients to use. (A port can be configured as untagged on only one port-based VLAN. When an Authorized-Client VLAN is configured, it will always be untagged and will block the port from using a statically configured, untagged membership in another VLAN.) Note that after client authentication, the port returns to membership in any tagged VLANs for which it is configured. See the "Note", above.
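The membership rules above, written as a small model for reviewing a port's configuration. This is an added example, not code from the switch or its vendor. The field names, the three state names and the audit messages are hypothetical. It assumes that tagged memberships stay suspended until the client authenticates, and that the Authorized-Client VLAN is one of the VLANs the Note refers to.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class PortConfig:
    static_untagged: Optional[int]      # statically configured untagged VLAN, if any
    static_tagged: FrozenSet[int]       # statically configured tagged VLANs
    auth_vid: Optional[int] = None      # Authorized-Client VLAN (hypothetical name)
    unauth_vid: Optional[int] = None    # Unauthorized-Client VLAN (hypothetical name)

def effective_membership(cfg: PortConfig, state: str) -> Tuple[Optional[int], FrozenSet[int]]:
    """Return (untagged VLAN, tagged VLANs) for 'disconnected',
    'unauthenticated' or 'authenticated'."""
    if state == "disconnected":
        # Configured membership; the port reverts to it when the client leaves.
        return cfg.static_untagged, cfg.static_tagged
    if state == "unauthenticated":
        # Assumption: tagged memberships are suspended until authentication
        # (the page says the port "resumes" them afterwards), and without an
        # Unauthorized-Client VLAN the client is placed in no VLAN.
        return cfg.unauth_vid, frozenset()
    if state == "authenticated":
        # A configured Authorized-Client VLAN is always untagged and blocks
        # the static untagged membership; otherwise the static one applies.
        untagged = cfg.auth_vid if cfg.auth_vid is not None else cfg.static_untagged
        # A VLAN the port carries tagged is used untagged while the client
        # is connected, so it leaves the tagged set for that session.
        return untagged, cfg.static_tagged - {untagged}
    raise ValueError(f"unknown state: {state}")

def audit(cfg: PortConfig) -> List[str]:
    """Flag settings whose effect is easy to overlook in a config review."""
    notes = []
    auth_untagged, _ = effective_membership(cfg, "authenticated")
    if cfg.auth_vid is not None and cfg.static_untagged not in (None, cfg.auth_vid):
        notes.append(f"static untagged VLAN {cfg.static_untagged} is blocked "
                     f"by Authorized-Client VLAN {cfg.auth_vid}")
    if cfg.auth_vid is not None and cfg.auth_vid in cfg.static_tagged:
        notes.append(f"VLAN {cfg.auth_vid} changes from tagged to untagged "
                     f"while a client is connected")
    if cfg.unauth_vid is not None and cfg.unauth_vid == auth_untagged:
        notes.append(f"unauthenticated clients share VLAN {cfg.unauth_vid} "
                     f"with authenticated clients")
    return notes
```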
