8-46
Configuring Port-Based Access Control (802.1X)
How RADIUS/802.1X Authentication Affects VLAN Operation
Figure 8-8. The Active Configuration for VLAN 22 Temporarily Changes for the 802.1X Session
■ With the preceding in mind, since (static) VLAN 33 is configured as
untagged on port A2 (see figure 8-7), and since a port can be untagged
on only one VLAN, port A2 loses access to VLAN 33 for the duration
of the 802.1X session involving VLAN 22. You can verify the temporary
loss of access to VLAN 33 with the show vlan 33 command.
Figure 8-9. The Active Configuration for VLAN 33 Temporarily Drops Port 22 for the 802.1X Session
This entry shows that port A2 is temporarily untagged on
VLAN 22 for an 802.1X session. This is to accommodate
an 802.1X client’s access, authenticated by a RADIUS
server, where the server included an instruction to put
the client’s access on VLAN 22.
Note: With the current VLAN configuration (figure 8-7),
the only time port A2 appears in this show vlan 22 listing
is during an 802.1X session with an attached client.
Otherwise, port A2 is not listed.
Even though port A2 is
configured as Untagged
on (static) VLAN 33 (see
figure 8-7), it does not
appear in the VLAN 33
listing while the 802.1X
session is using VLAN 22
in the Untagged status.
However, after the 802.1X
session with VLAN 22
ends, the active
configuration returns port
A2 to VLAN 33.