Cisco 300 Series User Manual

Cisco 300 Series

1117 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Page #55 background image

Loading...

Page #55 background image

802.1X Commands

55 OL-32830-01 Command Line Interface Reference Guide

2

Default Configuration

Default mode is multi-host.

Command Mode

Interface (Ethernet) Configuration mode

User Guidelines

Single-Host Mode

The single-host mode manages the authentication status of the port: the port is

authorized if there is an authorized host. In this mode, only a single host can be

authorized on the port.

When a port is unauthorized and the guest VLAN is enabled, untagged traffic is

remapped to the guest VLAN. Tagged traffic is dropped unless the VLAN tag is the

guest VLAN or the unauthenticated VLANs. If guest VLAN is not enabled on the

port, only tagged traffic belonging to the unauthenticated VLANs is bridged.

When a port is authorized, untagged and tagged traffic from the authorized host is

bridged based on the static vlan membership configured at the port. Traffic from

other hosts is dropped.

A user can specify that untagged traffic from the authorized host will be

remapped to a VLAN that is assigned by a RADIUS server during the

authentication process. In this case, tagged traffic is dropped unless the VLAN tag

is the RADIUS-assigned VLAN or the unauthenticated VLANs. See the dot1x

radius-attributes vlan command to enable RADIUS VLAN assignment at a port.

The switch removes from FDB all MAC addresses learned on a port when its

authentication status is changed from authorized to unauthorized.

Multi-Host Mode

The multi-host mode manages the authentication status of the port: the port is

authorized after at least one host is authorized.

When a port is unauthorized and the guest VLAN is enabled, untagged traffic is

remapped to the guest VLAN. Tagged traffic is dropped unless the VLAN tag is the

guest VLAN or the unauthenticated VLANs. If guest VLAN is not enabled on the

port, only tagged traffic belonging to the unauthenticated VLANs is bridged.

When a port is authorized, untagged and tagged traffic from all hosts connected to

the port is bridged based on the static vlan membership configured at the port.

A user can specify that untagged traffic from the authorized port will be

remapped to a VLAN that is assigned by a RADIUS server during the

authentication process. In this case, tagged traffic is dropped unless the VLAN tag

Table of Contents

Other manuals for Cisco 300 Series

Administration Guide586 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco 300 Series and is the answer not in the manual?

Cisco 300 Series Specifications

General

Model	Cisco 300 Series
Category	Switch
Dimensions	Varies by model
Weight	Varies by model
Power over Ethernet (PoE)	Available on select models
Management	Web-based GUI, SNMP, CLI
VLANs	Up to 256
Security Features	ACLs, 802.1X, Port Security
Humidity	10% to 90% non-condensing
Ports	8, 16, 24, 48

Related product manuals

Preview: Cisco SG 300-10

Cisco SG 300-10

Preview: Cisco SF 300-08

Cisco SF 300-08

Cisco SG 300-20

Cisco SG 300-28

Cisco SG 300-52

Cisco SG 300-10P

Cisco SG 300-10MP

Cisco SG 300- 28P

Preview: Content Delivery Engine 100/200/300/400

Content Delivery Engine 100/200/300/400

Preview: Cisco IE 3000

Cisco Nexus 3064

Preview: Cisco 3000 Series

Cisco 3000 Series