Reference Guide
Network Security 257
• It is automatically available only to unauthorized devices, or to ports of
devices that are connected and Guest VLAN enabled.
• If a port is Guest-VLAN-enabled, the switch automatically adds the port as
an untagged member of the Guest VLAN when the port is not authorized,
and removes the port from the Guest VLAN when the first supplicant of
the port is authorized.
• The Guest VLAN cannot be used as both the Voice VLAN and an
unauthenticated VLAN.
The switch also uses the Guest VLAN for authentication at ports configured
with Multiple Session mode and MAC-based authentication. Therefore, you
must configure a Guest VLAN before you can use the MAC-based
authentication mode.
For authentication to function, it must be activated both globally, in the Port-
Based Authentication Global page and individually on each port, in the Port-
Based Authentication Interface Settings pages.
Port-Based Authentication Global
To globally configure authentication:
1
Click
Switching
>
Network Security
>
Dot1x Authentication
>
Port
Based Authentication Global
to display the
Port Based Authentication
Global
page.
2
Enter the following fields:
–
Port Based Authentication State
— Enable/disable port-based
authentication.
–
Authentication Method
— Select an authentication method. The
possible options are:
•
RADIUS, None
— Perform port authentication first by using the
RADIUS server. If no response is received from RADIUS (for
example, if the server is down), then no authentication is
performed, and the session is permitted.
•
RADIUS
— Authenticate the user on the RADIUS server. If no
authentication is performed, the session is not permitted.
•
None
— Do not authenticate the user. Permit the session.