13-38
Configuring Port-Based and User-Based Access Control (802.1X)
802.1X Open VLAN Mode
Open VLAN Mode with Only an Authorized-Client VLAN Configured:
• Port automatically blocks a client that cannot initiate an 
authentication session.
• If the client successfully completes an authentication session, the 
port becomes an untagged member of this VLAN. 
• If the port is statically configured as a tagged member of any other 
VLAN, the port returns to tagged membership in this VLAN upon 
successful client authentication. This happens even if the RADIUS 
server assigns the port to another, authorized VLAN. If the port is 
already configured as a tagged member of a VLAN that RADIUS 
assigns as an authorized VLAN, then the port becomes an 
untagged member of that VLAN for the duration of the client 
connection.
Note: An authorized-client VLAN configuration can be overridden 
by a RADIUS authentication that assigns a VLAN. (Refer to figure 
13-1 on page 13-10.)
802.1X Per-Port Configuration Port Response