Table of Contents
Advertisement
Configuring Port-Based and User-Based Access Control (802.1X)
802.1X Open VLAN Mode
802.1X Per-Port Configuration
Authorized-Client VLAN
13-36
Port Response
• After client authentication, the port drops membership in the
Unauthorized-Client VLAN and becomes an untagged member of
this VLAN.
Notes: If the client is running an 802.1X supplicant application
when the authentication session begins, and is able to
authenticate itself before the switch assigns the port to the
Unauthorized-Client VLAN, then the port does not become a
member of the Unauthorized-Client VLAN. On the switches
covered in this guide, you can use the unauth-period command—
page 13-23—to delay moving the port into the Unauthorized-Client
VLAN.
If RADIUS authentication assigns a VLAN and there are no other
authenticated clients on the port, then the port becomes a member
of the RADIUS-assigned VLAN —instead of the Authorized-Client
VLAN—while the client is connected.
• If the port is statically configured as a tagged member of a VLAN,
and this VLAN is used as the Authorized-Client VLAN, then the port
temporarily becomes an untagged member of this VLAN when the
client becomes authenticated.
• If the port is statically configured as a tagged member of a VLAN,
the port returns to tagged membership in this VLAN upon
successful authentication. This happens even if the RADIUS
server assigns the port to another, authorized VLAN. If the port is
already configured as a tagged member of a VLAN that RADIUS
assigns as an authorized VLAN, then the port becomes an
untagged member of that VLAN for the duration of the client
connection.
Hide quick links:
Advertisement
Table of Contents
