Cisco SF 300-08 Administration Manual page 229

Configuring Security
802. 1 X
Cisco Small Business 300 Series Managed Switch Administration Guide
• Administrative Port Control—Select the Administrative Port Authorization
state. The options are:
- Force Unauthorized—Denies the interface access by moving the
interface into the unauthorized state. The switch does not provide
authentication services to the client through the interface.
- Auto—Enables port-based authentication and authorization on the
switch. The interface moves between an authorized or unauthorized
state based on the authentication exchange between the switch and the
client.
- Force Authorized—Authorizes the interface without authentication.
• RADIUS VLAN Assignment—Select to enable Dynamic VLAN assignment
on the selected port. Dynamic VLAN assignment is possible only when the
802. 1 X mode is set to multiple session. (After authentication, the port joins
the supplicant VLAN as an untagged port in that VLAN.)
TIP For the Dynamic VLAN Assignment feature to work, the switch requires the
following VLAN attributes to be sent by the RADIUS server (as defined in
RFC 3580):
[64] Tunnel-Type = VLAN (type 13)
[65] Tunnel-Medium-Type = 802 (type 6)
[81] Tunnel-Private-Group-Id = VLAN ID
• Guest VLAN—Select to indicate that the usage of a previously-defined
Guest VLAN is enabled for the switch. The options are:
- Selected—Enables using a Guest VLAN for unauthorized ports. If a Guest
VLAN is enabled, the unauthorized port automatically joins the VLAN
selected in the Guest VLAN ID field in the
Page
.
After an authentication failure and if Guest VLAN is activated globally on
the given port, the guest VLAN is automatically assigned to the
unauthorized ports as an Untagged VLAN.
- Cleared—Disables Guest VLAN on the port.
802. 1 X Port Authentication
16
218