Cisco 300 Series Administration Manual page 429
Managed switch
Hide thumbs
Also See for 300 Series:
- Cli manual (1117 pages) ,
- Quick start manual (72 pages) ,
- Datasheet (14 pages)
Table of Contents
Advertisement
19
392
For a device to be authenticated and authorized at a port which is DVA-enabled:
•
The RADIUS server must authenticate the device and dynamically assign a
VLAN to the device. You can set the RADIUS VLAN Assignment field to
static in the Port Authentication page. This enables the host to be bridged
according to static configuration.
•
A RADIUS server must support DVA with RADIUS attributes tunnel-type
(64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-
group-id = a VLAN ID.
When the RADIUS-Assigned VLAN feature is enabled, the host modes behave as
follows:
•
Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the RADIUS-assigned
VLAN are bridged via this VLAN. All other traffic not belonging to
unauthenticated VLANs is discarded.
•
Full Multi-Sessions Mode
Untagged traffic and tagged traffic not belonging to the unauthenticated
VLANs arriving from the client are assigned to the RADIUS-assigned VLAN
using TCAM rules and are bridged via the VLAN.
•
Multi-Sessions Mode in Layer 3 System Mode
This mode does not support RADIUS-assigned VLAN,
The following table describes guest VLAN and RADIUS-VLAN assignment support
depending on authentication method and port mode.
Authentication
Single-host
Method
802.1x
MAC
WEB
Legend:
†—The port mode supports the guest VLAN and RADIUS-VLAN assignment
N/S—The port mode does not support the authentication method.
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Multi-host
†
†
†
†
N/S
N/S
Security: 802.1X Authentication
Authenticator Overview
Multi-sessions
Device in L3
Device in L2
N/S
N/S
N/S
†
†
N/S
Advertisement
Table of Contents
