Table of Contents
Advertisement
Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
9-28
802.1X Open VLAN Mode
802.1X Authentication Commands
802.1X Supplicant Commands
802.1X Open VLAN Mode Commands
[no] aaa port-access authenticator < port-list >
[auth-vid < vlan-id >]
[unauth-vid < vlan-id >]
802.1X-Related Show Commands
RADIUS server configuration
Introduction
This section describes how to use the 802.1X Open VLAN mode to provide a
path for clients that need to acquire 802.1X supplicant software before
proceeding with the authentication process. The Open VLAN mode involves
options for configuring unauthorized-client and authorized-client VLANs on
ports configured as 802.1X authenticators.
Configuring the 802.1X Open VLAN mode on a port changes how the port
responds when it detects a new client. In earlier releases, a "friendly" client
computer not running 802.1X supplicant software could not be authenticated
on a port protected by 802.1X access security. As a result, the port would
become blocked and the client could not access the network. This prevented
the client from:
Acquiring IP addressing from a DHCP server
■
Downloading the 802.1X supplicant software necessary for an authenti-
■
cation session
The 802.1X Open VLAN mode solves this problem by temporarily suspending
the port's static VLAN memberships and placing the port in a designated
Unauthorized-Client VLAN (sometimes termed a guest VLAN). In this state
the client can proceed with initialization services, such as acquiring IP
addressing and 802.1X client software, and starting the authentication
process.
page 9-17
page 9-47
page 9-42
page 9-50
pages 9-24
Advertisement
Table of Contents
