| Configuring |
| 802.1X Open VLAN Mode |
Table | |
|
|
802.1X | Port Response |
|
|
No Open VLAN mode: | The port automatically blocks a client that cannot initiate an |
| authentication session. |
Open VLAN mode with both of the following configured:
• When the port detects a client, it automatically becomes an | |
| untagged member of this VLAN. If you previously configured the |
| port as a static, tagged member of the VLAN, membership |
| temporarily changes to untagged while the client remains |
| unauthenticated. |
| • If the port already has a statically configured, untagged |
| membership in another VLAN, then the port temporarily closes |
| access to this other VLAN while in the |
| • To limit security risks, the network services and access available |
| on the |
| needs to enable an authentication session. If the port is statically |
| configured as a tagged member of any other VLANs, access to |
| these VLANs is blocked while the port is a member of the |
| |
|
|
• After the client is authenticated, the port drops membership in the | |
| |
| this VLAN. |
| Note: if RADIUS authentication assigns a VLAN, the port |
| temporarily becomes a member of the |
| instead of the |
| connected. |
| • If the port is statically configured as a tagged member of a VLAN, |
| and this VLAN is used as the |
| temporarily becomes an untagged member of this VLAN when the |
| client becomes authenticated. When the client disconnects, the |
| port returns to tagged membership in this VLAN. |
| • If the port is statically configured as a tagged member of a VLAN |
| that is not used by 802.1X Open VLAN mode, the port returns to |
| tagged membership in this VLAN upon successful authentication. |
| This happens even if the RADIUS server assigns the port to |
| another, authorized VLAN. If the port is already configured as a |
| tagged member of a VLAN that RADIUS assigns as an authorized |
| VLAN, then the port becomes an untagged member of that VLAN |
| for the duration of the client connection. After the client |
| disconnects, the port returns to tagged membership in that VLAN. |