Filter
Top Products
Chapter 60: 802.1x Port-based Network Access Control
874
Single Host Mode Here are the operating characteristics for the switch when an authenticator
port is set to the single host mode:
If the switch receives a valid VLAN ID or VLAN name from the
RADIUS server, it moves the authenticator port to the designated
guest VLAN and changes the port to the authorized state. Only the
authenticated supplicant is allowed to use the port. All other
supplicants are denied entry.
If the switch receives an invalid VLAN ID or VLAN name from the
RADIUS server (for example, the VID of a nonexistent VLAN), it
leaves the port in the unauthorized state to deny access to the
port.
Multi Host Mode Here are the operating characteristics for the switch when an authenticator
port is set to the Multi host mode:
If the switch receives a valid VLAN ID or VLAN name from the
RADIUS server, it moves the authenticator port to the designated
VLAN and changes the port to the authorized state. All clients are
allowed access to the port and the same VLAN after the initial
authentication.
If the switch receives an invalid VLAN ID or VLAN name from the
RADIUS server (for example, the VID of a nonexistent VLAN), it
leaves the port in the unauthorized state to deny access to the
port.
Multi Supplicant
Mode
The initial authentication on an authenticator port running in the multi
supplicant mode is handled in the same fashion as with the Single
operating mode. If the switch receives a valid VLAN ID or name from the
RADIUS server, it moves the authenticator port to the designated VLAN
and changes the port to the authorized state.
How the switch handles subsequent authentications on the same port
depends on how you set the Secure VLAN parameter. Your options are as
follows:
If you activate the Secure VLAN feature, only those supplicants
with the same VLAN assignment as the initial supplicant are
authenticated. Supplicants with different VLAN assignments or
with no VLAN assignment are denied access to the port.
If you disable the Secure VLAN feature, all supplicants, regardless
of their assigned VLANs, are authenticated. However, the port
remains in the VLAN specified in the initial authentication.