5.2.2 Coexistence in the same port
This section describes, for the following categories, the combinations of authentication mode that the Switch supports when using multiple Layer 2 authentication strategies simultaneously on a single port:
-
Fixed VLAN mode
-
Dynamic VLAN mode
-
Fixed VLAN mode and dynamic VLAN mode
- <Structure of this section>
(1) Coexistence of Fixed VLAN Modes on the Same Port
|
Port type |
IEEE802.1X |
Web Authentication |
MAC-based Authentication |
|---|---|---|---|
|
Access port |
OK # |
OK |
OK |
|
Trunk port |
OK # |
OK |
OK |
|
All other cases |
NG |
NG |
NG |
- Legend
-
OK: Supported
NG:Cannot operate.
- #
-
If IEEE802.1X authentication is set for the port for which Web authentication and MAC authentication are set (the same for multi-step authentication), set the terminal authentication mode for the authentication submode and set auto for the terminal detection operation. Do not set single mode and multi mode for the authentication submode. Do not set the following configuration commands:
Omit the following configuration commands:
dot1x port-control force-authorized
dot1x port-control force-unauthorized
dot1x multiple-hosts
(2) Coexistence of Dynamic VLAN Modes on the Same Port
|
Port type |
IEEE802.1X |
Web Authentication |
MAC-based Authentication |
|---|---|---|---|
|
MAC port |
OK # |
OK |
OK |
|
All other cases |
NG |
NG |
NG |
Legend: OK: Operable; NG: Inoperable
- #
-
If IEEE802.1X authentication is set for the port for which Web authentication and MAC authentication are set (the same for multi-step authentication), set the terminal authentication mode for the authentication submode and set auto for the terminal detection operation. Do not set single mode and multi mode for the authentication submode. Do not set the following configuration commands:
Omit the following configuration commands:
dot1x port-control force-authorized
dot1x port-control force-unauthorized
dot1x multiple-hosts
(3) Coexistence of dynamic VLAN mode and fixed VLAN mode on the same port
|
|
![[Figure Data]](./GRAPHICS/ZU250030.GIF)
|
Port type |
Type of received frames |
IEEE802.1X |
Web Authentication |
MAC-based Authentication |
|||
|---|---|---|---|---|---|---|---|
|
Fixed VLAN mode |
Dynamic VLAN mode |
Fixed VLAN mode |
Dynamic VLAN mode |
Fixed VLAN mode |
Dynamic VLAN mode |
||
|
MAC port configured with dot1q |
Tagged frame |
NG |
NG |
NG |
NG |
OK |
NG |
|
Untagged frame |
OK # |
OK |
OK # |
OK |
OK # |
OK |
|
Legend: OK: Operable; NG: Inoperable
- #
-
When using RADIUS authentication, if the RADIUS server does not indicate which VLAN a terminal should attach to after authentication, the terminal attaches to the native VLAN as a member of a fixed VLAN. However, when a terminal is moved to a different port, the destination port operates in dynamic VLAN mode.