KB.15.15

Figure 342 Active VLAN Configuration

In Figure 342 (page 476), if RADIUS authorizes an 802.1X client on port A2 with the requirement

that the client use VLAN 22, then: VLAN 22 becomes available as Untagged on port A2 for the

duration of the session. VLAN 33 becomes unavailable to port A2 for the duration of the session

(because there can be only one untagged VLAN on any port). To view the temporary VLAN

assignment as a change in the active configuration, use the show vlan <vlan-id> command as

shown in Figure 343 (page 476) where <vlan-id> is the (static or dynamic) VLAN used in the

authenticated client session.

Figure 343 The Active Configuration for VLAN 22 Temporarily Changes for the 802.1X Session

However, as shown in Figure 342 (page 476), because VLAN 33 is configured as untagged on

port A2 and because a port can be untagged on only one VLAN, port A2 loses access to VLAN

33 for the duration of the 802.1X session on VLAN 22. You can verify the temporary loss of access

to VLAN 33 by entering the show vlan 33 command as shown in Figure 344 (page 477).

476 Port-Based and User-Based Access Control (802.1X)