6.2.6 Deauthorization method
The following table describes the events that lead to a terminal losing its authenticated status.
| De-authentication method | Fixed VLAN mode | Dynamic VLAN mode |
|---|---|---|
| De-authentication using an operation command | OK | OK |
| De-authentication of terminals connected to link-down ports | OK | OK |
| De-authentication resulting from changes to the VLAN configuration | OK | OK |
| De-authentication resulting from authentication mode changes | OK | OK |
| Deactivation by Suspending IEEE802.1X | OK | OK |
| Logout due to deletion of a dynamically registered VLAN | - | OK |
Legend: OK: Supported; -: Not applicable
(1) Authentication canceled by operation command
You can use the operation command clear dot1x auth-state to forcibly de-authenticate terminals by port or by MAC address. If the same MAC address is authenticated in more than one VLAN, the switch terminates every authentication session associated with the MAC address.
(2) Authentication canceled by link-down of the port to which the authenticated terminal is connected
When a port to which authenticated terminals are connected goes down, the switch clears the authentication status of terminals connected to that port.
(3) Deauthorization by changing VLAN settings
If you use configuration commands to change the configuration of a VLAN that includes authenticated terminals, the switch clears the authentication status of terminals associated with that VLAN.
The following configuration changes trigger a logout:
- Deletion of a VLAN
- Suspension of a VLAN
(4) Authentication cancellation by switching authentication mode
If the authentication mode is switched by using a configuration command, the switch clears the authentication status of all terminals.
(5) Deactivation by Suspending IEEE802.1X
If the IEEE802.1X settings are deleted by using a configuration command and IEEE802.1X stops, the switch clears the authentication status of all terminals.
(6) Logging Out by Deleting Dynamically Registered VLAN
If the switchport mac vlan configuration command is set on an authentication port for which a VLAN has been dynamically created, the VLAN ID dynamically created for the port is deleted, and the switch clears the authentication status of terminals that belonged to that VLAN.