EasyManua.ls Logo

Cisco SG350X-24MP - Page 523

Cisco SG350X-24MP
762 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Security: 802.1X Authentication
Overview
352 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
18
Multi-Host Mode
A port is authorized if there is if there is at least one authorized client.
When a port is unauthorized and a guest VLAN is enabled, untagged traffic is
remapped to the guest VLAN. Tagged traffic is dropped unless it belongs to the guest
VLAN or to an unauthenticated VLAN. If guest VLAN is not enabled on a port, only
tagged traffic belonging to unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from all hosts connected to the
port is bridged, based on the static VLAN membership port configuration.
You can specify that untagged traffic from the authorized port will be remapped to a
VLAN that is assigned by a RADIUS server during the authentication process. Tagged
traffic is dropped unless it belongs to the RADIUS-assigned VLAN or to the
unauthenticated VLANs. Radius VLAN assignment on a port is set in the Port
Authentication page.
Multi-Sessions Mode
Unlike the single-host and multi-host modes, a port in the multi-session mode does not
have an authentication status. This status is assigned to each client connected to the
port.
Tagged traffic belonging to an unauthenticated VLAN is always bridged regardless of
whether the host is authorized or not.
Tagged and untagged traffic from unauthorized hosts not belonging to an
unauthenticated VLAN is remapped to the guest VLAN if it is defined and enabled on
the VLAN, or is dropped if the guest VLAN is not enabled on the port.
You can specify that untagged traffic from the authorized port will be remapped to a
VLAN that is assigned by a RADIUS server during the authentication process. Tagged
traffic is dropped unless it belongs to the RADIUS-assigned VLAN or to the
unauthenticated VLANs. Radius VLAN assignment on a port is set in the Port
Authentication page.
Multiple Authentication Methods
If more than one authentication method is enabled on the switch, the following hierarchy of
authentication methods is applied:
802.1x Authentication: Highest
WEB-Based Authentication
MAC-Based Authentication: Lowest

Table of Contents

Other manuals for Cisco SG350X-24MP

Preview: Quick Start Guide
Quick Start Guide18 pages

Related product manuals