Linksys
When a port is in multi-session mode and RADIUS-Assigned VLAN is enabled,
the device automatically adds the port as an untagged member of the VLAN
that is assigned by the RADIUS server during the authentication process.
The device classifies untagged packets to the assigned VLAN if the packets
originated from the devices or ports that are authenticated and authorized.
NOTE: In multi-session mode, RADIUS VLAN assignment is only supported when
the device is in Layer 2 system mode.
When the RADIUS-Assigned VLAN feature is enabled, the host modes behave
as follows:
• Single-Host and Multi-Host Mode
  Untagged traffic and tagged traffic belonging to the RADIUS-assigned
  VLAN are bridged via this VLAN. All other traffic not belonging to
  unauthenticated VLANs is discarded.
• Full Multi-Sessions Mode
  Untagged traffic and tagged traffic not belonging to the unauthenticated
  VLANs arriving from the client are assigned to the RADIUS-assigned VLAN
  using TCAM rules and are bridged via the VLAN.
Common Tasks
Workflow 1: To enable 802.1x authentication on a port:
STEP 1 Click Configuration > Security > Network Access Control > Feature Configuration.
STEP 2 Enable Port-based Authentication.
STEP 3 Select the Authentication Method.
STEP 4 Click Apply, and the Running Configuration file is updated.
STEP 5 Click Configuration > Security > Network Access Control > Port Authentication.
STEP 6 Select the required port and click Edit.
STEP 7 Set the Host Authentication mode.
STEP 8 Select a port, and click Edit.
STEP 9 Set the Administrative Port Control field to Auto.
STEP 10 Define the authentication methods.
STEP 11 Click Apply, and the Running Configuration file is updated.
Workflow 2: To configure 802.1x-based authentication:
STEP 1 Click Configuration > Security > Network Access Control > Port Authentication.
STEP 2 Select the required port and click Edit.
STEP 3 Enter the fields required for the port. The fields in this page are described in Port Authentication.
STEP 4 Click Apply, and the Running Configuration file is updated.
Workflow 3: To configure the guest VLAN:
STEP 1 Click Security > Network Access Control > Feature Configuration.
STEP 2 Select Enable in the Guest VLAN field.
STEP 3 Select the guest VLAN in the Guest VLAN ID field.
STEP 4 Click Apply, and the Running Configuration file is updated.
Feature Configuration
The Feature Configuration page is used to globally enable 802.1X and define
how ports are authenticated. For 802.1X to function, it must be activated
globally and individually on each port.
To define port-based authentication:
STEP 1 Click Configuration > Security > Network Access Control > Feature Configuration.
STEP 2 Enter the parameters.
• Port-Based Authentication—Enable or disable port-based authentication.
  If this is disabled, 802.1X is disabled.
• Authentication Method—Select the user authentication methods. The
  options are as follows:
  • RADIUS, None—Perform port authentication first by using the
    RADIUS server. If no response is received from RADIUS (for example,
    if the server is down), then no authentication is performed, and the
    session is permitted.
  • RADIUS—Authenticate the user on the RADIUS server. If no
    authentication is performed, the session is not permitted.
  • None—Do not authenticate the user. Permit the session.
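
The Authentication Method options above differ in what happens when the RADIUS server does not answer. The following added example (not part of the Linksys manual or firmware) models those rules and audits a constructed settings inventory for configurations that admit unauthenticated sessions. The inventory layout, switch names, port names and outcome labels are assumptions of this example, as is the treatment of an explicit RADIUS reject under "RADIUS, None".

```python
from typing import Dict, List, Tuple

# RADIUS outcomes as seen by the switch (labels are this example's own).
ACCEPT, REJECT, NO_RESPONSE = "accept", "reject", "no-response"

def session_permitted(port_based_auth: bool, method: str, radius: str) -> bool:
    """Authentication Method rules from the Feature Configuration page."""
    if not port_based_auth:
        return True   # 802.1X disabled: assumed that nothing gates the port
    if method == "None":
        return True   # user is not authenticated, session is permitted
    if method == "RADIUS":
        return radius == ACCEPT   # no authentication means no session
    if method == "RADIUS, None":
        # Assumption: an explicit reject still denies; only silence falls through.
        return radius in (ACCEPT, NO_RESPONSE)
    raise ValueError(f"unknown Authentication Method: {method!r}")

def audit(inventory: List[Dict]) -> List[Tuple[str, str]]:
    """Return (object, finding) pairs for settings that weaken 802.1X."""
    findings = []
    for sw in inventory:
        name, enabled, method = sw["name"], sw["port_based_auth"], sw["method"]
        if session_permitted(enabled, method, REJECT):
            findings.append((name, "no authentication enforced"))
        elif session_permitted(enabled, method, NO_RESPONSE):
            findings.append((name, "fail-open when RADIUS does not respond"))
        for port, control in sw["ports"].items():
            if control != "Auto":   # Workflow 1 sets this field to Auto
                findings.append((f"{name}/{port}",
                                 "Administrative Port Control is not Auto"))
    return findings

# Constructed inventory: switch names, port names and "<other>" are placeholders.
INVENTORY = [
    {"name": "sw-access-1", "port_based_auth": True, "method": "RADIUS",
     "ports": {"GE1": "Auto", "GE2": "Auto"}},
    {"name": "sw-access-2", "port_based_auth": True, "method": "RADIUS, None",
     "ports": {"GE1": "Auto"}},
    {"name": "sw-lab", "port_based_auth": False, "method": "RADIUS",
     "ports": {"GE1": "Auto"}},
    {"name": "sw-access-3", "port_based_auth": True, "method": "RADIUS",
     "ports": {"GE1": "Auto", "GE5": "<other>"}},
]

if __name__ == "__main__":
    for obj, finding in audit(INVENTORY):
        print(f"{obj}: {finding}")
```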