Configuring Port-Based and User-Based Access Control (802.1X)

802.1X Open VLAN Mode

802.1X Per-Port Configuration: Open VLAN Mode with Only an Authorized-Client VLAN Configured

Port Response:

The port automatically blocks a client that cannot initiate an authentication session.

If the client successfully completes an authentication session, the port becomes an untagged member of this VLAN.

If the port is statically configured as a tagged member of any other VLAN, the port returns to tagged membership in this VLAN upon successful client authentication. This happens even if the RADIUS server assigns the port to another, authorized VLAN. If the port is already configured as a tagged member of a VLAN that RADIUS assigns as an authorized VLAN, then the port becomes an untagged member of that VLAN for the duration of the client connection.

Note: An authorized-client VLAN configuration can be overridden by a RADIUS authentication that assigns a VLAN. (Refer to figure 10-1 on page 10-11.)
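The port responses listed above can be modeled as a small decision function, which makes it easy to check which VLANs a port carries once a client authenticates. This is an added example, not switch firmware or vendor code; `PortConfig`, `PortState`, `port_response`, `extra_vlans` and the VLAN IDs are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PortConfig:
    auth_vid: int                            # configured authorized-client VLAN
    static_tagged: frozenset = frozenset()   # VLANs with static tagged membership


@dataclass(frozen=True)
class PortState:
    blocked: bool
    untagged: Optional[int]
    tagged: frozenset


def port_response(cfg, authenticated, radius_vid=None):
    """VLAN membership of the port while a client is connected."""
    if not authenticated:
        # Only an authorized-client VLAN is configured, so there is no
        # fallback VLAN: the port blocks the client.
        return PortState(True, None, frozenset())
    # A VLAN assigned by RADIUS overrides the configured authorized-client VLAN.
    untagged = radius_vid if radius_vid is not None else cfg.auth_vid
    # Static tagged memberships return on success, even when RADIUS assigns
    # another VLAN. A static tagged VLAN that RADIUS assigns becomes untagged
    # for the session. Assumption: the same applies if auth_vid is itself one
    # of the static tagged VLANs.
    tagged = cfg.static_tagged - {untagged}
    return PortState(False, untagged, tagged)


def extra_vlans(cfg, radius_vid=None):
    """Tagged VLANs the port carries in addition to the client's untagged VLAN."""
    return sorted(port_response(cfg, True, radius_vid).tagged)


# Constructed sample: authorized-client VLAN 81, static tagged in VLANs 20 and 30.
SAMPLE = PortConfig(auth_vid=81, static_tagged=frozenset({20, 30}))

if __name__ == "__main__":
    cases = [("no authentication", False, None),
             ("authenticated, no RADIUS VLAN", True, None),
             ("RADIUS assigns VLAN 50", True, 50),
             ("RADIUS assigns VLAN 30", True, 30)]
    for label, auth, rvid in cases:
        print(f"{label:32} {port_response(SAMPLE, auth, rvid)}")
```

Running `extra_vlans` over an inventory of port configurations shows where static tagged memberships stay reachable on an authenticated port regardless of the VLAN that RADIUS assigns.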
