Configuring Unauthenticated Vlans - Cisco SF 300-08 Administration Manual

Configuring Security
802. 1 X
STEP 3
STEP 1
STEP 2
STEP 3
STEP 4
Cisco Small Business 300 Series Managed Switch Administration Guide
- RADIUS—Authenticate the user on the RADIUS server. If no
authentication is performed, the session is not permitted
- None—Do not authenticate the user. Permit the session.
• Guest VLAN—Select to enable the use of a Guest VLAN for unauthorized
ports. If a Guest VLAN is enabled, all unauthorized ports automatically join
the VLAN selected in the Guest VLAN ID field. If a port is later authorized, it
is removed from the Guest VLAN.
• Guest VLAN ID—Select the guest VLAN from the list of VLANs.
• Guest VLAN Timeout—Define a time period:
- After linkup, if the software does not detect the 802. 1 X supplicant, or the
authentication has failed, the port is added to the Guest VLAN, only after
the Guest VLAN timeout period has expired.
- If the port state changes from Authorized to Not Authorized, the port is
added to the Guest VLAN only after the Guest VLAN timeout has expired.
The VLAN Authentication Table displays all VLANs, and indicates whether
authentication has been enabled on them.
Click Apply. The 802. 1 X properties are modified, and the switch is updated.

Configuring Unauthenticated VLANs

When a port is 802. 1 x-enabled, unauthorized ports or devices are not allowed to
access a VLAN unless the VLAN is a Guest VLAN or unauthenticated VLAN. You
can make a static VLAN an authenticated VLAN by using the procedure in the
Defining 802.1X Properties
unauthorized devices or ports to send or receive packets to or from
unauthenticated VLANs. You must manually add VLAN port membership by using
the Port to VLAN page.
Click Security > 802.1X > Properties. The 802. 1 X Properties Page displays.
Select a VLAN, and click Edit. The Edit VLAN Authentication Page displays.
Select a VLAN.
Optionally, uncheck Authentication to make the VLAN an unauthenticated VLAN.
section, allowing both 802. 1 x authorized and
16
216