Cisco SG300-28 28-Port Gigabit Managed Switch Maintenance Manual

Security: 802.1X Authentication
Authenticator Overview
Cisco 300 Series Managed Switches Administration Guide
A port is authorized if there is an authorized client. Only one host can be 
authorized on a port.
When a port is unauthorized and the guest VLAN is enabled, untagged 
traffic is remapped to the guest VLAN. Tagged traffic is dropped unless it 
belongs to the guest VLAN or to an unauthenticated VLAN. If a guest VLAN 
is not enabled on the port, only tagged traffic belonging to the 
unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from the authorized 
host is bridged based on the static VLAN membership port configuration. 
Traffic from other hosts is dropped.
A user can specify that untagged traffic from the authorized host will be 
remapped to a VLAN that is assigned by a RADIUS server during the 
authentication process. Tagged traffic is dropped unless it belongs to the 
RADIUS-assigned VLAN or the unauthenticated VLANs. RADIUS VLAN 
assignment on a port is set in the Security > 802.1X/MAC/Web 
Authentication > Port Authentication page.
Multi-Host Mode
A port is authorized if there is at least one authorized client. 
When a port is unauthorized and a guest VLAN is enabled, untagged traffic 
is remapped to the guest VLAN. Tagged traffic is dropped unless it belongs 
to the guest VLAN or to an unauthenticated VLAN. If guest VLAN is not 
enabled on a port, only tagged traffic belonging to unauthenticated VLANs 
is bridged.
When a port is authorized, untagged and tagged traffic from all hosts 
connected to the port is bridged, based on the static VLAN membership 
port configuration.
You can specify that untagged traffic from the authorized port will be 
remapped to a VLAN that is assigned by a RADIUS server during the 
authentication process. Tagged traffic is dropped unless it belongs to the 
RADIUS-assigned VLAN or to the unauthenticated VLANs. RADIUS VLAN 
assignment on a port is set in the Port Authentication page.
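The forwarding rules above for the single-host and multi-host modes, modelled as an added example (not code from the Cisco guide or the switch firmware). It assumes the first block of rules describes single-host mode and that "static VLAN membership" sends untagged frames to a port VLAN (`pvid`) and passes tagged frames only for VLANs the port is a member of; `Port`, `classify`, the VLAN IDs and the MAC addresses are illustrative, constructed values.

```python
from dataclasses import dataclass, field
from typing import Optional

DROP = ("drop", None)

@dataclass
class Port:
    mode: str                               # "single-host" or "multi-host"
    pvid: int                               # assumption: VLAN for untagged frames under static config
    static_vlans: set = field(default_factory=set)
    unauth_vlans: set = field(default_factory=set)
    guest_vlan: Optional[int] = None        # None: guest VLAN not enabled on the port
    radius_vlan: Optional[int] = None       # None: no RADIUS VLAN assignment
    authorized_mac: Optional[str] = None    # None: port is unauthorized

def classify(port, src_mac, tag=None):
    """Return ("bridge", vlan) or ("drop", None) for one ingress frame."""
    if port.authorized_mac is None:
        # Unauthorized: only the guest VLAN and unauthenticated VLANs carry traffic.
        if tag is None:
            return ("bridge", port.guest_vlan) if port.guest_vlan is not None else DROP
        allowed = set(port.unauth_vlans)
        if port.guest_vlan is not None:
            allowed.add(port.guest_vlan)
        return ("bridge", tag) if tag in allowed else DROP
    # Authorized: single-host mode drops every host except the authorized one.
    if port.mode == "single-host" and src_mac != port.authorized_mac:
        return DROP
    if port.radius_vlan is not None:
        # RADIUS assignment: untagged is remapped, tagged is filtered.
        if tag is None:
            return ("bridge", port.radius_vlan)
        allowed = port.unauth_vlans | {port.radius_vlan}
        return ("bridge", tag) if tag in allowed else DROP
    # No RADIUS VLAN: static VLAN membership decides.
    if tag is None:
        return ("bridge", port.pvid)
    return ("bridge", tag) if tag in port.static_vlans else DROP

if __name__ == "__main__":
    # Constructed sample: one authenticated host, a second host on the same port.
    AUTH, OTHER = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    for mode in ("single-host", "multi-host"):
        p = Port(mode, pvid=10, static_vlans={10, 20}, unauth_vlans={99},
                 guest_vlan=50, authorized_mac=AUTH)
        print(mode, "second host, untagged ->", classify(p, OTHER))
        print(mode, "second host, VLAN 20  ->", classify(p, OTHER, 20))
```

Run as a script, it prints how each mode treats a second host on an already authorized port: single-host drops its frames, multi-host bridges them under the static VLAN configuration.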
Multi-Sessions Mode
Unlike the single-host and multi-host modes, a port in the multi-session 
mode does not have an authentication status. This status is assigned to 
each client connected to the port. This mode requires a TCAM lookup. 
Since Layer 3 mode switches do not have a TCAM lookup allocated for