Security: 802.1X Authentication
Overview
315 Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
17
Authentication page. This enables the host to be bridged according to static
configuration.
• A RADIUS server must support DVA with RADIUS attributes tunnel-type (64) =
VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-group-id = a VLAN
ID.
If the tunnel-private-group ID attribute is provided as a VLAN name, the VLAN with this
name most be statically configured on the device. If a VLAN ID (2-4094) is used in this
attribute, after a supplicant is authenticated, the VLAN will be created dynamically.
When the RADIUS-Assigned VLAN feature is enabled, the host modes behave as follows:
• Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the RADIUS-assigned VLAN are
bridged via this VLAN. All other traffic not belonging to unauthenticated VLANs is
discarded.
• Multi-Sessions Mode
Untagged traffic and tagged traffic not belonging to the unauthenticated VLANs
arriving from the client are assigned to the RADIUS-assigned VLAN using TCAM
rules and are bridged via the VLAN.
The following table describes guest VLAN and RADIUS VLAN Assignment support
depending on authentication method and port mode.
Legend:
†—The port mode supports the guest VLAN and RADIUS-VLAN assignment
N/S—The port mode does not support the authentication method.
RADIUS VLAN Assignment Support
Authentication
Method
Single-host Multi-host Multi-sessions
802.1x
††â€
MAC
††â€
WEB
N/S N/S N/S