9.1.5 How to Configure Authentication Exceptions
This section describes how to configure Web authentication-exempted ports and terminals.
- <Structure of this section>
(1) Configuring Persistent VLAN Authentication-Exception Ports
Use the following procedure to configure a port to be permitted access in fixed VLAN mode without the need for authentication.
- Points to note
-
Do not designate an authentication-exempted port as an authentication port.
Command examples
-
(config)# vlan 10
(config-vlan)# state active
(config-vlan)# exit
(config)# interface gigabitethernet 1/0/4
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config-if)# web-authentication port
(config-if)# exit
(config)# interface gigabitethernet 1/0/10
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config-if)# exit
Specifies port 1/0/4, which is assigned to VLAN ID 10 in fixed VLAN mode, as an authentication port. This procedure then configures port 1/0/10 to be permitted access without the need for authentication.
(2) Configuring Dynamic VLAN Authentication-Exception Ports
Uses the following procedure to configure a port to be permitted access in dynamic VLAN mode without the need for authentication.
- Points to note
-
Designate an authentication-exempted port as an access port, but not as an authentication port.
Command examples
-
(config)# vlan 50 mac-based
(config-vlan)# state active
(config-vlan)# exit
(config)# interface gigabitethernet 1/0/10
(config-if)# switchport mode access
(config-if)# switchport access vlan 50
(config-if)# exit
Permits access by unauthenticated terminals to MAC VLAN ID 50 from port 1/0/10.