Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
Condition: Note: Limitation on Using an Unauthorized-Client VLAN on an 802.1X Port Configured to Allow Multiple-Client Access

Rule: You can optionally enable switches to allow up to 32 clients per-port. The Unauthorized-Client VLAN feature can operate on an 802.1X-configured port regardless of how many clients the port is configured to support. However, all clients on the same port must operate through the same untagged VLAN membership. This means that any client accessing a given port must be able to authenticate and operate on the same VLAN as any other previously authenticated clients that are currently using the port. Thus, an Unauthorized-Client VLAN configured on a switch port that allows multiple 802.1X clients cannot be used if there is already an authenticated client using the port on another VLAN. Also, a client using the Unauthenticated-Client VLAN will be blocked when another client becomes authenticated on the port. For this reason, the best utilization of the Unauthorized-Client VLAN feature is in instances where only one client is allowed per-port. Otherwise, unauthenticated clients are subject to being blocked at any time by authenticated clients using a different VLAN. (Using the same VLAN for authenticated and unauthenticated clients can create a security risk and is not recommended.)
Note: If you use the same VLAN as the Unauthorized-Client VLAN for all authenticator ports, unauthenticated clients on different ports can communicate with each other.
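The following configuration audit is an added example, not part of the original guide: it flags the three conditions the rule and note above warn about. The sample configuration is constructed, the `aaa port-access authenticator ... auth-vid | unauth-vid | client-limit` line syntax is an assumption about how the switch configuration is written, and treating a port with no `client-limit` line as single-client is likewise an assumption.

```python
import re
from collections import defaultdict

# Constructed sample configuration (assumed line syntax, see lead-in).
SAMPLE_CONFIG = """\
aaa port-access authenticator 1-4
aaa port-access authenticator 1 auth-vid 10
aaa port-access authenticator 1 unauth-vid 99
aaa port-access authenticator 2 client-limit 8
aaa port-access authenticator 2 auth-vid 10
aaa port-access authenticator 2 unauth-vid 99
aaa port-access authenticator 3 auth-vid 20
aaa port-access authenticator 3 unauth-vid 20
aaa port-access authenticator 4 auth-vid 10
"""

LINE = re.compile(
    r"^aaa port-access authenticator (\d+) "
    r"(auth-vid|unauth-vid|client-limit) (\d+)$"
)

def parse(config):
    """Return {port: {setting: value}} for per-port authenticator lines."""
    ports = defaultdict(dict)
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines such as the bare port-range enable are skipped
            ports[int(m.group(1))][m.group(2)] = int(m.group(3))
    return dict(ports)

def audit(config):
    """Return (port or ports, finding) tuples for risky Open VLAN settings."""
    findings, by_unauth = [], defaultdict(list)
    for port, cfg in sorted(parse(config).items()):
        unauth = cfg.get("unauth-vid")
        if unauth is None:
            continue
        by_unauth[unauth].append(port)
        # Multiple clients allowed: unauthenticated clients can be blocked
        # as soon as another client authenticates on a different VLAN.
        if cfg.get("client-limit", 1) > 1:
            findings.append((port, "multi-client-unauth-vlan"))
        # Same VLAN for authenticated and unauthenticated clients.
        if unauth == cfg.get("auth-vid"):
            findings.append((port, "shared-auth-unauth-vlan"))
    # One Unauthorized-Client VLAN on several ports lets unauthenticated
    # clients on those ports communicate with each other.
    for vid, members in sorted(by_unauth.items()):
        if len(members) > 1:
            findings.append((tuple(members), "unauth-vlan-spans-ports"))
    return findings
```
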