Cisco 500 Series Administration Manual page 494
Stackable managed
Hide thumbs
Also See for 500 Series:
- Configuration manual (1140 pages) ,
- Administration manual (485 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
Security: 802.1X Authentication
Authenticator Overview
Cisco 500 Series Stackable Managed Switch Administration Guide
•
The RADIUS server must authenticate the device and dynamically assign a
VLAN to the device. You can set the RADIUS VLAN Assignment field to
static in the Port Authentication page. This enables the host to be bridged
according to static configuration.
•
A RADIUS server must support DVA with RADIUS attributes tunnel-type
(64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-
group-id = a VLAN ID.
When the RADIUS-Assigned VLAN feature is enabled, the host modes behave as
follows:
•
Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the RADIUS-assigned
VLAN are bridged via this VLAN. All other traffic not belonging to
unauthenticated VLANs is discarded.
•
Full Multi-Sessions Mode
Untagged traffic and tagged traffic not belonging to the unauthenticated
VLANs arriving from the client are assigned to the RADIUS-assigned VLAN
using TCAM rules and are bridged via the VLAN.
•
Multi-Sessions Mode in Layer 3 System Mode
This mode does not support RADIUS-assigned VLAN, except for SG500X
and SG500XG devices in native stacking mode
The following table describes guest VLAN and RADIUS‐VLAN assignment support
depending on authentication method and port mode.
VLAN and RADIUS-VLAN Assignment
Authentication
Single-host
Method
802.1x
MAC
WEB
Legend:
†—The port mode supports the guest VLAN and RADIUS-VLAN assignment
N/S—The port mode does not support the authentication method.
Multi-host
†
†
†
†
N/S
N/S
Multi-sessions
Device in L3
Device in L2
N/S
N/S
N/S
N/S
22
†
†
492
Hide quick links:
Advertisement
Table of Contents
