Cisco SG300-28 28-Port Gigabit Managed Switch Maintenance Manual
Security: 802.1X Authentication
Authenticator Overview
Cisco 300 Series Managed Switches Administration Guide
multi-sessions mode, they support a limited form of multi-sessions mode,
which does not support guest VLAN and RADIUS VLAN attributes. The
maximum number of authorized hosts allowed on the port is configured in
the Port Authentication page.
Tagged traffic belonging to an unauthenticated VLAN is always bridged
regardless of whether the host is authorized or not.
Tagged and untagged traffic from unauthorized hosts not belonging to an
unauthenticated VLAN is remapped to the guest VLAN if it is defined and
enabled on the VLAN, or is dropped if the guest VLAN is not enabled on the
port.
If an authorized host is assigned a VLAN by a RADIUS server, all its tagged
and untagged traffic not belonging to the unauthenticated VLANs is bridged
via the VLAN; if the VLAN is not assigned, all its traffic is bridged based on
the static VLAN membership port configuration.
The Sx300 in Layer 3 router mode supports the multi-sessions mode
without guest VLAN and RADIUS-VLAN assignment:
Multiple Authentication Methods
If more than one authentication method is enabled on the switch, the following
hierarchy of authentication methods is applied:
• 802.1x Authentication: Highest
• WEB-Based Authentication
• MAC-Based Authentication: Lowest
Multiple methods can run at the same time. When one method finishes
successfully, the client becomes authorized, the methods with lower priority are
stopped and the methods with higher priority continue.
When one of the authentication methods running simultaneously fails, the other
methods continue.
When an authentication method finishes successfully for a client authenticated by
an authentication method with a lower priority, the attributes of the new
authentication method are applied. When the new method fails, the client is left
authorized with the old method.
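
The following Python model is an added example, not code from the Cisco guide or the switch firmware. It replays the hierarchy rules above for one client so that the resulting authorizing method and applied attributes can be checked. The class and function names, the numeric priorities and the VLAN values are assumptions made for illustration.

```python
# Added model of the method hierarchy described above; not Cisco firmware code.
# Numeric ranks are an assumption: a higher number means a higher priority.
PRIORITY = {"802.1x": 3, "web": 2, "mac": 1}


class ClientSession:
    """Tracks one client on a port where several methods are enabled."""

    def __init__(self, enabled):
        self.running = set(enabled)   # methods still in progress
        self.authorized_by = None     # method whose attributes are applied
        self.attributes = {}          # e.g. a RADIUS-assigned VLAN

    def finish(self, method, success, attributes=None):
        """Record that `method` finished; return the authorizing method."""
        if method not in self.running:
            # The method was stopped earlier or has already finished.
            return self.authorized_by
        self.running.discard(method)
        if not success:
            # A failure changes nothing else: the other methods continue and
            # a client authorized by an older method stays authorized by it.
            return self.authorized_by
        # Success: the new method's attributes are applied, lower-priority
        # methods are stopped, higher-priority methods keep running.
        self.authorized_by = method
        self.attributes = dict(attributes or {})
        self.running = {m for m in self.running
                        if PRIORITY[m] > PRIORITY[method]}
        return self.authorized_by


def replay(enabled, events):
    """Apply constructed (method, success, attributes) events in order."""
    session = ClientSession(enabled)
    for method, success, attrs in events:
        session.finish(method, success, attrs)
    return session


if __name__ == "__main__":
    # Constructed sequence: MAC-based succeeds first, then 802.1x fails.
    s = replay(["802.1x", "web", "mac"],
               [("mac", True, {"vlan": 20}), ("802.1x", False, None)])
    print(s.authorized_by, s.attributes, sorted(s.running))
```

When reviewing a port with several methods enabled, the first sequence is the one to keep in mind: the client remains authorized with the MAC-based method's attributes even though its 802.1x attempt failed.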