Users Guide
334 Authentication, Authorization, and Accounting
Configuring 802.1X Settings for RADIUS-Assigned VLANs
Use the following commands to configure 802.1X settings that affect the
RADIUS-assigned VLAN.
Command Purpose
configure Enter Global Configuration mode.
aaa authorization
network default radius
Allow the RADIUS server to assign VLAN IDs to clients.
authentication dynamic-
vlan enable
If the RADIUS assigned VLAN does not exist on the
switch, allow the switch to dynamically create the assigned
VLAN.
interface interface Enter interface configuration mode for the specified
interface. The interface variable includes the interface type
and number, for example tengigabitethernet 1/0/3.
A range of interfaces can be specified using the interface
range command. For example, interface range
tengigabitethernet 1/0/8-12 configures interfaces 8, 9, 10,
11, and 12.
authentication event no-
response action
authorize vlan-id
Specify the guest VLAN.
dot1x unauth-vlan vlan-
id
Specify the unauthenticated VLAN.
CTRL + Z Exit to Privileged Exec mode.
show authentication View the current authentication configuration.
NOTE: When dynamically creating VLANs, the uplink port should be in trunk
mode so that it will automatically participate in all dynamically-created VLANs.
Otherwise, the supplicant may be placed in a VLAN that does not extend beyond
the switch because no other ports are participating.