•
Dynamic VLAN Assignment — Indicates whether dynamic VLAN assignment is enabled for this port.
This feature allows network administrators to automatically assign users to VLANs during the RADIUS
server authentication. When a user is authenticated by the RADIUS server, the user is automatically
joined to the VLAN configured on a RADIUS server.
–
Port Lock and Port Monitor should be disabled when DVA is enabled.
–
Dynamic VLAN Assignment (DVA) can occur only if a RADIUS server is configured, and port
authentication is enabled and set to 802.1x multi-session mode.
–
If the Radius Accept Message doesn't contain the supplicant's VLAN, the supplicant is rejected.
–
Authenticated ports are added to the supplicant VLAN as untagged.
–
Authenticated ports remain unauthenticated VLAN and Guest VLAN members. Static VLAN
configuration is not applied to the port.
–
The following list of VLANs cannot participate in DVA: an Unauthenticated VLAN, a Dynamic
VLAN that was created by GVRP, a Voice VLAN, a Default VLAN and a Guest VLAN.
–
Network administrators can delete the supplicant VLAN while the supplicant is logged in.
The supplicant is authorized during the next re-authentication if this supplicant VLAN is
re-created or a new VLAN is configured on the RADIUS server.
•
Guest VLAN — If enabled, indicates that unauthorized users connected to this interface can access
the Guest VLAN.
–
Enable — Enables unauthorized users to access the guest VLAN.
–
Disable — Prevents unauthorized users from accessing the guest VLAN.
•
Periodic Reauthentication — Reauthenticates the selected port periodically. The reauthentication
period is defined in the Reauthentication Period (300-4294967295) field.
–
Enable — Enables periodic port reauthentication.
–
Disable — Disables periodic port reauthentication.
•
Reauthentication Period (300-4294967295) — Indicate the time span in which the selected port is
reauthenticated. The field value is seconds. The field default is 3600 seconds.
•
Reauthenticate Now — Permits immediate port reauthentication.
–
Checked — Enables immediate port reauthentication.
–
Disable — Disables immediate port reauthentication.
•
Authentication Server Timeout (1-65535) — Defines the amount of time that lapses before the
device resends a request to the authentication server. The field value is specified in seconds. The field
default is 30 seconds.
•
Resending EAP Identity Request (1-65535) — Defines the amount of time that lapses before
EAP request are resent. The field default is 30 seconds.
•
Quiet Period (0-65535) — Indicates the number of seconds that the device remains in the quiet state
following a failed authentication exchange. The possible field range is 0-65535. The field default is
60 seconds.
Configuring Switch Information
265