Configuring Security
Configuring 802.1X
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 208
16
Dynamic VLAN Assignment (DVA)
Dynamic VLAN Assignment (DVA) is also referred to as RADIUS VLAN Assignment
in this guide. When a port is DVA-enabled, the switch automatically adds the port
as an untagged member of the VLAN that is assigned by the RADIUS server
during the authentication process. The switch classifies untagged packets to the
assigned VLAN if the packets originated from the devices or ports that are
authenticated and authorized.
For a device to be authenticated and authorized at a port which is DVA-enabled:
• The RADIUS server must authenticate the device and dynamically assign a
VLAN to the device.
• The assigned VLAN must not be the default VLAN on the switch.
• A RADIUS server must support DVA with RADIUS attributes tunnel-type
(64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private
group-id = a VLAN ID.
Guest VLAN
Guest VLAN provides access to services that do not require the subscribing
devices or ports to be 802.1x authenticated and authorized.
• The Guest VLAN, if configured, is a static VLAN with the following
characteristics.
• Must be manually defined from an existing static VLAN.
• Is automatically available only to unauthorized devices or ports of devices
that are connected and Guest-VLAN-enabled.
• If a port is Guest-VLAN-enabled, the switch automatically adds the port as
untagged member of the Guest VLAN when the port is not authorized, and
removes the port from the Guest VLAN when the first supplicant of the port
is authorized.
• The Guest VLAN cannot be used as the Voice VLAN and an unauthenticated
VLAN.
802.1X Parameters Workflow
Define the 802.1X parameters as follows:
• Define 802.1X settings for each port by using the Edit Port Authentication
page.
To Next Page
Loading...
