Filter
Top Products
8-26
Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
802.1X Open VLAN Mode
Introduction
This section describes how to use the 802.1X Open VLAN mode to configure
unauthorized-client and authorized-client VLANs on ports configured as
802.1X authenticators.
Configuring the 802.1X Open VLAN mode on a port changes how the port
responds when it detects a new client. In earlier releases, a “friendly” client
computer not running 802.1X supplicant software could not be authenticated
on a port protected by 802.1X access security. As a result, the port would
become blocked and the client could not access the network. This prevented
the client from:
■ Acquiring IP addressing from a DHCP server
■ Downloading the 802.1X supplicant software necessary for an authen-
tication session
The 802.1X Open VLAN mode solves this problem by temporarily suspending
the port’s static, tagged and untagged VLAN memberships and placing the port
in a designated Unauthorized-Client VLAN. In this state the client can
proceed with initialization services, such as acquiring IP addressing and
802.1X software, and starting the authentication process.
802.1X Authentication Commands page 8-17
802.1X Supplicant Commands page 8-44
802.1X Open VLAN Mode Commands
[no] aaa port-access authenticator [e] < port-list > page 8-37
[auth-vid < vlan-id >]
[unauth-vid < vlan-id >]
802.1X-Related Show Commands page 8-47
RADIUS server configuration pages 8-24