Cisco 500 series Administration Manual page 323

Configuring Security
Configuring 802. 1 X
Cisco 500 Series Stackable Managed Switch Administration Guide
The Guest VLAN, if configured, is a static VLAN with the following characteristics.
• Must be manually defined from an existing static VLAN.
• Is automatically available only to unauthorized devices or ports of devices
that are connected and Guest-VLAN-enabled.
• If a port is Guest-VLAN-enabled, the switch automatically adds the port as
untagged member of the Guest VLAN when the port is not authorized, and
removes the port from the Guest VLAN when the first supplicant of the port
is authorized.
• The Guest VLAN cannot be used as the Voice VLAN and an unauthenticated
VLAN.
The switch also uses the Guest VLAN for the authentication process at ports
configured with Multiple Session mode and MAC-based authentication. Therefore,
you must configure a Guest VLAN before you can use the MAC authentication
mode.
802.1X Parameters Workflow
Define the 802. 1 X parameters as follows:
• (Optional) Set a time range(s) using the Time Range and Recurring Range
pages. These are used in the Edit Port Authentication page.
• (Optional) Define one or more static VLANs as unauthenticated VLANs as
described in the
and unauthorized devices or ports can always send or receive packets to or
from unauthenticated VLANs.
• Define 802. 1 X settings for each port by using the Edit Port Authentication
page.
Note the following:
• On this page, DVA can be activated on a port by selecting the RADIUS
VLAN Assignment field.
• You can select the Guest VLAN field to have untagged incoming frames go
to the guest VLAN.
• Define host authentication parameters for each port using the Port
Authentication page.
• View 802. 1 X authentication history using the Authenticated Hosts page.
Defining 802.1X Properties
18
section. 802. 1 x authorized
323