Configuring 802.1X Open VLAN mode

Use these commands to actually configure Open VLAN mode. For a listing of the steps needed to prepare the switch for using Open VLAN mode, see Setting up and configuring 802.1X Open VLAN mode.

Syntax:


aaa port-access authenticator <port-list>

[auth-vid <vlan-id>]

Configures an existing, static VLAN to be the Authorized-Client VLAN.


[unauth-vid <vlan-id>]

Configures an existing, static VLAN to be the Unauthorized-Client VLAN.

For example, suppose you want to configure 802.1X port-access with Open VLAN mode on ports 10-20 and:

  • These two static VLANs already exist on the switch:
    • Unauthorized, VID = 80

    • Authorized, VID = 81

  • Your RADIUS server has an IP address of 10.28.127.101. The server uses rad4all as a server-specific key string. The server is connected to a port on the Default VLAN.

  • The switch's default VLAN is already configured with an IP address of 10.28.127.100 and a network mask of 255.255.255.0.

switch(config)# aaa authentication port-access eap-radius

Configures the switch for 802.1X authentication using an EAP-RADIUS server.

switch(config)# aaa port-access authenticator 10-20

Configures ports 10 - 20 as 802.1X authenticator ports.

switch(config)# radius host 10.28.127.101 key rad4all

Configures the switch to look for a RADIUS server with an IP address of 10.28.127.101 and an encryption key of rad4all.

switch(config)# aaa port-access authenticator e 10-20 unauth-vid 80

Configures ports 10 - 20 to use VLAN 80 as the Unauthorized-Client VLAN.

switch(config)# aaa port-access authenticator e 10-20 auth-vid 81

Configures ports 10 - 20 to use VLAN 81 as the Authorized-Client VLAN.

switch(config)# aaa port-access authenticator active

Activates 802.1X port-access on ports you have configured as authenticators.
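
A pre-deployment check for the command sequence above, as an added example (not part of the original documentation or the switch software). It confirms that the global commands are present, that every port given an auth-vid or unauth-vid is also an authenticator port, and that each VID is one of the static VLANs you supply. The function names, the numeric-only port-list parsing, and the check that auth-vid differs from unauth-vid are assumptions of this example.

```python
import re

# Constructed sample: the command sequence from the example on this page.
SAMPLE = """\
switch(config)# aaa authentication port-access eap-radius
switch(config)# aaa port-access authenticator 10-20
switch(config)# radius host 10.28.127.101 key rad4all
switch(config)# aaa port-access authenticator e 10-20 unauth-vid 80
switch(config)# aaa port-access authenticator e 10-20 auth-vid 81
switch(config)# aaa port-access authenticator active
"""
# Global commands the example relies on, keyed by a short label.
REQUIRED = {
    "eap-radius": r"aaa authentication port-access eap-radius",
    "radius host": r"radius host \S+ key \S+",
    "active": r"aaa port-access authenticator active",
}
PORT_CMD = re.compile(r"aaa port-access authenticator (?:e )?"
                      r"(\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)(?: (auth-vid|unauth-vid) (\d+))?")

def expand_ports(spec):
    """Expand a numeric port list such as '10-20' or '1,3-5' (assumed form)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_open_vlan(config, static_vlans):
    """Return a list of findings; an empty list means every check passed."""
    auth_ports, vids, seen = set(), {}, set()
    for raw in config.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())  # drop the prompt
        seen |= {k for k, rx in REQUIRED.items() if re.fullmatch(rx, line)}
        m = PORT_CMD.fullmatch(line)
        if m and m.group(2) is None:          # plain authenticator port list
            auth_ports |= expand_ports(m.group(1))
        elif m:                               # auth-vid / unauth-vid assignment
            for p in expand_ports(m.group(1)):
                vids.setdefault(p, {})[m.group(2)] = int(m.group(3))
    findings = [f"missing: {k}" for k in REQUIRED if k not in seen]
    for port, v in sorted(vids.items()):
        if port not in auth_ports:
            findings.append(f"port {port}: not an authenticator port")
        if len(v) == 2 and v["auth-vid"] == v["unauth-vid"]:  # added sanity check
            findings.append(f"port {port}: auth-vid equals unauth-vid")
        findings += [f"port {port}: {k} {vid} is not a static VLAN"
                     for k, vid in sorted(v.items()) if vid not in static_vlans]
    return findings
```

Calling audit_open_vlan(SAMPLE, {1, 80, 81}) returns an empty list for the example configuration; pass the set of VIDs that actually exist as static VLANs on your switch.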