Table of Contents
Advertisement
Security: 802.1X Authentication
Overview
Cisco 350XG & 550XG Series 10G Stackable Managed Switches
Host Modes with Guest VLAN
The host modes work with guest VLAN in the following way:
•
Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the guest VLAN arriving on
an unauthorized port are bridged via the guest VLAN. All other traffic is
discarded. The traffic belonging to an unauthenticated VLAN is bridged via
the VLAN.
•
Multi-Sessions Mode
Untagged traffic and tagged traffic, which does not belong to the
unauthenticated VLANs and that arrives from unauthorized clients, are
assigned to the guest VLAN using the TCAM rule and are bridged via the
guest VLAN. The tagged traffic belonging to an unauthenticated VLAN is
bridged via the VLAN.
This mode cannot be configured on the same interface with policy-based
VLANs.
•
Multi-Sessions Mode
The mode does not support the guest VLAN.
RADIUS VLAN Assignment or Dynamic VLAN Assignment
An authorized client can be assigned a VLAN by the RADIUS server, if this option
is enabled in the
Port Authentication
Assignment (DVA) or RADIUS VLAN Assignment. In this guide, the term RADIUS-
Assigned VLAN is used.
Untagged traffic and tagged traffic not belonging to the unauthenticated VLANs
arriving from the client are assigned to the RADIUS assigned VLAN using the
TCAM rule and are bridged via the VLAN.
See
RADIUS VLAN Assignment Support
different modes behave when RADIUS-Assigned VLAN is enabled on the device.
For a device to be authenticated and authorized at a port which is DVA-enabled:
•
The RADIUS server must authenticate the device and dynamically assign a
VLAN to the device. You can set the RADIUS VLAN Assignment field to
static in the
Port Authentication
according to static configuration.
page. This is called either Dynamic VLAN
for further information about how the
page. This enables the host to be bridged
20
448
Hide quick links:
Advertisement
Table of Contents
