Configuring Port-Based and Client-Based Access Control (802.1X)

802.1X Open VLAN Mode


802.1X Authentication Commands                            page 8-17
802.1X Supplicant Commands                                page 8-44
802.1X Open VLAN Mode Commands
    [no] aaa port-access authenticator [e] <port-list>    page 8-37
        [auth-vid <vlan-id>]
        [unauth-vid <vlan-id>]
802.1X-Related Show Commands                              page 8-47
RADIUS server configuration                               pages 8-24

Introduction

This section describes how to use the 802.1X Open VLAN mode to configure unauthorized-client and authorized-client VLANs on ports configured as 802.1X authenticators.

Configuring the 802.1X Open VLAN mode on a port changes how the port responds when it detects a new client. In earlier releases, a “friendly” client computer not running 802.1X supplicant software could not be authenticated on a port protected by 802.1X access security. As a result, the port would become blocked and the client could not access the network. This prevented the client from:

- Acquiring IP addressing from a DHCP server

- Downloading the 802.1X supplicant software necessary for an authentication session

The 802.1X Open VLAN mode solves this problem by temporarily suspending the port’s static, tagged and untagged VLAN memberships and placing the port in a designated Unauthorized-Client VLAN. In this state the client can proceed with initialization services, such as acquiring IP addressing and 802.1X software, and starting the authentication process.
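
A configuration sketch for the behavior described above, added here as an example and not taken from the manual. The port range A10-A20, VLAN IDs 3 and 80, the VLAN names, the RADIUS address and the key are constructed placeholder values, and the `vlan`, `radius-server`, `aaa authentication` and `active` lines are standard ProCurve CLI commands that do not appear on this page.

```text
; Constructed values: ports A10-A20, VLANs 3 and 80, RADIUS server 10.0.0.10.

; Static VLANs the port is moved into while Open VLAN mode is in effect.
; VLAN 3 receives clients that have not authenticated yet.
vlan 3 name "Unauth-Clients"
; VLAN 80 receives clients that have authenticated.
vlan 80 name "Auth-Clients"

; Authenticate 802.1X clients against a RADIUS server using EAP.
radius-server host 10.0.0.10 key <RADIUS-KEY-PLACEHOLDER>
aaa authentication port-access eap-radius

; Make the ports 802.1X authenticators.
aaa port-access authenticator e A10-A20

; Open VLAN mode: designate the Unauthorized-Client and
; Authorized-Client VLANs for those ports.
aaa port-access authenticator e A10-A20 unauth-vid 3
aaa port-access authenticator e A10-A20 auth-vid 80

; Activate 802.1X port-access on the configured ports.
aaa port-access authenticator active
```

Any unauthenticated device plugged into these ports lands in VLAN 3, so that VLAN should reach only the initialization services named above: the DHCP server and the host offering the supplicant download.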
