Configuring Port-Based Access Control (802.1x)
802.1x Open VLAN Mode
802.1x Open VLAN Mode
802.1x Authentication Commands page 6-14
802.1x Supplicant Commands page 6-34
802.1x Open VLAN Mode Commands
[no] aaa port-access authenticator [ e ] < port-list > page
6-29
[ auth-vid < vlan-id > ]
[ unauth-vid < vlan-id > ]
802.1x-Related Show Commands page 6-37
RADIUS server configuration pages 6-19
This section describes how to use the 802.1x Open VLAN mode to configure
unauthorized-client and authorized-client VLANs on ports configured as
802.1x authenticators.
Introduction
Configuring the 802.1x Open VLAN mode on a port changes how the port
responds when it detects a new client. In earlier releases, a "friendly" client
computer not running 802.1x supplicant software could not be authenticated
on a port protected by 802.1x access security. As a result, the port would
become blocked and the client could not access the network. This prevented
the client from:
■ Acquiring IP addressing from a DHCP server
■ Downloading the 802.1x supplicant software necessary for an authen-
tication session
The 802.1x Open VLAN mode solves this problem by temporarily suspending
the port’s static, untagged VLAN membership and placing the port in a desig-
nated Unauthorized-Client VLAN. In this state the client can proceed with
initialization services, such as acquiring IP addressing and 802.1x software,
and starting the authentication process. Following authentication, the port
drops its temporary (untagged) membership in the Unauthorized-Client VLAN
and joins (or rejoins) one of the following as an untagged member:
6-20
