EasyManua.ls Logo

Cisco 500 Series - Page 493

Cisco 500 Series
653 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Security: 802.1X Authentication
Authenticator Overview
491 Cisco 500 Series Stackable Managed Switch Administration Guide
22
Host Modes with Guest VLAN
The host modes work with guest VLAN in the following way:
Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the guest VLAN arriving on
an unauthorized port are bridged via the guest VLAN. All other traffic is
discarded. The traffic belonging to an unauthenticated VLAN is bridged via
the VLAN.
Multi-Sessions Mode in Layer 2
Untagged traffic and tagged traffic, which does not belong to the
unauthenticated VLANs and that arrives from unauthorized clients, are
assigned to the guest VLAN using the TCAM rule and are bridged via the
guest VLAN. The tagged traffic belonging to an unauthenticated VLAN is
bridged via the VLAN.
This mode cannot be configured on the same interface with policy-based
VLANs.
Multi-Sessions Mode in Layer 3
The mode does not support the guest VLAN.
RADIUS VLAN Assignment or Dynamic VLAN Assignment
An authorized client can be assigned a VLAN by the RADIUS server, if this option
is enabled in the Port Authentication page. This is called either Dynamic VLAN
Assignment (DVA) or RADIUS-Assigned VLAN. In this guide, the term RADIUS-
Assigned VLAN is used.
When a port is in multi-session mode and RADIUS-Assigned VLAN is enabled, the
device automatically adds the port as an untagged member of the VLAN that is
assigned by the RADIUS server during the authentication process. The device
classifies untagged packets to the assigned VLAN if the packets originated from
the devices or ports that are authenticated and authorized.
See VLAN and RADIUS-VLAN Assignment for further information about how the
different modes behave when RADIUS-Assigned VLAN is enabled on the device.
NOTE RADIUS VLAN assignment is only supported on the Sx500 devices when the
device is in Layer 2 system mode. The SG500X and SG500XG devices act like
Sx500 devices when they are in basic and advanced hybrid stacking mode.
For a device to be authenticated and authorized at a port which is DVA-enabled:

Table of Contents

Other manuals for Cisco 500 Series

Preview: Quick Start Guide
Quick Start Guide72 pages
Preview: User Guide
User Guide6 pages
Preview: Troubleshooting And Maintenance
Troubleshooting And Maintenance14 pages
Preview: Safety Information
Safety Information42 pages
Preview: Datasheet
Datasheet5 pages
Preview: Quick Reference Guide
Quick Reference Guide7 pages
Preview: Quick Start Quide
Quick Start Quide12 pages

Related product manuals