Security: 802.1X Authentication
Overview
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
•
Multi-Host Mode
A port is authorized if there is if there is at least one authorized client.
When a port is unauthorized and a guest VLAN is enabled, untagged traffic is
remapped to the guest VLAN. Tagged traffic is dropped unless it belongs to the guest
VLAN or to an unauthenticated VLAN. If guest VLAN is not enabled on a port, only
tagged traffic belonging to unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from all hosts connected to the
port is bridged, based on the static VLAN membership port configuration.
You can specify that untagged traffic from the authorized port will be remapped to a
VLAN that is assigned by a RADIUS server during the authentication process. Tagged
traffic is dropped unless it belongs to the RADIUS-assigned VLAN or to the
unauthenticated VLANs. Radius VLAN assignment on a port is set in the
Authentication
page.
•
Multi-Sessions Mode
Unlike the single-host and multi-host modes, a port in the multi-session mode does not
have an authentication status. This status is assigned to each client connected to the
port.
Tagged traffic belonging to an unauthenticated VLAN is always bridged regardless of
whether the host is authorized or not.
Tagged and untagged traffic from unauthorized hosts not belonging to an
unauthenticated VLAN is remapped to the guest VLAN if it is defined and enabled on
the VLAN, or is dropped if the guest VLAN is not enabled on the port.
You can specify that untagged traffic from the authorized port will be remapped to a
VLAN that is assigned by a RADIUS server during the authentication process. Tagged
traffic is dropped unless it belongs to the RADIUS-assigned VLAN or to the
unauthenticated VLANs. Radius VLAN assignment on a port is set in the
Authentication
page.
Multiple Authentication Methods
If more than one authentication method is enabled on the switch, the following hierarchy of
authentication methods is applied:
•
802.1x Authentication: Highest
•
WEB-Based Authentication
•
MAC-Based Authentication: Lowest
17
Port
Port
310