Security: 802.1X Authentication
Authenticator Overview
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)

When a port is unauthorized and a guest VLAN is enabled, untagged traffic 
is remapped to the guest VLAN. Tagged traffic is dropped unless it belongs 
to the guest VLAN or to an unauthenticated VLAN. If guest VLAN is not 
enabled on a port, only tagged traffic belonging to unauthenticated VLANs 
is bridged.
When a port is authorized, untagged and tagged traffic from all hosts 
connected to the port is bridged, based on the static VLAN membership 
port configuration.
You can specify that untagged traffic from the authorized port will be 
remapped to a VLAN that is assigned by a RADIUS server during the 
authentication process. Tagged traffic is dropped unless it belongs to the 
RADIUS-assigned VLAN or to the unauthenticated VLANs. RADIUS VLAN 
assignment on a port is set in the Port Authentication page.
• Multi-Sessions Mode
Unlike the single-host and multi-host modes, a port in the multi-session 
mode does not have an authentication status. This status is assigned to 
each client connected to the port. This mode requires a TCAM lookup. 
Since Layer 3 mode switches (see Multi-Sessions Mode Support) do not 
have a TCAM lookup allocated for multi-sessions mode, they support a 
limited form of multi-sessions mode, which does not support guest VLAN 
and RADIUS VLAN attributes. The maximum number of authorized hosts 
allowed on the port is configured in the Port Authentication page.
Tagged traffic belonging to an unauthenticated VLAN is always bridged 
regardless of whether the host is authorized or not.
Tagged and untagged traffic from unauthorized hosts not belonging to an 
unauthenticated VLAN is remapped to the guest VLAN if it is defined and 
enabled on the VLAN, or is dropped if the guest VLAN is not enabled on the 
port.
If an authorized host is assigned a VLAN by a RADIUS server, all its tagged 
and untagged traffic not belonging to the unauthenticated VLANs is bridged 
via the VLAN; if the VLAN is not assigned, all its traffic is bridged based on 
the static VLAN membership port configuration.
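
The rules above can be checked as a decision function when auditing which VLAN a frame from an unauthenticated device can reach. This is an added example, not Cisco code: `Port`, `classify`, `DROP` and `STATIC` are hypothetical names, the VLAN IDs are constructed, and `multi_sessions=False` stands for the port-level rules stated before the Multi-Sessions Mode bullet.

```python
from dataclasses import dataclass
from typing import Optional, Union

DROP = "drop"      # frame is discarded
STATIC = "static"  # frame follows the port's static VLAN membership

@dataclass(frozen=True)
class Port:  # hypothetical model, not a switch API
    multi_sessions: bool                   # False: status is held per port
    guest_vlan: Optional[int] = None       # None: guest VLAN not enabled
    unauth_vlans: frozenset = frozenset()  # unauthenticated VLANs

def classify(port: Port, tag: Optional[int], authorized: bool,
             radius_vlan: Optional[int] = None) -> Union[int, str]:
    """Return the VLAN a frame is bridged in, STATIC, or DROP.

    tag is the 802.1Q VLAN ID, or None for untagged traffic. authorized is
    the port's status, or the sending host's status in multi-sessions mode.
    """
    in_unauth = tag is not None and tag in port.unauth_vlans
    if port.multi_sessions:
        if in_unauth:
            return tag  # always bridged, authorized or not
        if not authorized:  # tagged and untagged alike go to the guest VLAN
            return port.guest_vlan if port.guest_vlan is not None else DROP
        return radius_vlan if radius_vlan is not None else STATIC
    if not authorized:
        if in_unauth:
            return tag
        if port.guest_vlan is not None and tag in (None, port.guest_vlan):
            return port.guest_vlan
        return DROP  # other tagged traffic, or no guest VLAN on the port
    if radius_vlan is None:
        return STATIC
    if in_unauth:
        return tag
    return radius_vlan if tag in (None, radius_vlan) else DROP

if __name__ == "__main__":
    # Constructed VLAN IDs: guest 99, unauthenticated 10, RADIUS-assigned 30.
    for ms in (False, True):
        port = Port(ms, guest_vlan=99, unauth_vlans=frozenset({10}))
        for tag in (None, 10, 20):
            print(ms, tag, classify(port, tag, False), classify(port, tag, True, 30))
```

The output shows the two points worth reviewing in a deployment: frames tagged for an unauthenticated VLAN are bridged in every state, and in multi-sessions mode tagged traffic from an unauthorized host is remapped to the guest VLAN rather than dropped.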