EAP Dynamic VLAN Assignment

If you configure a RADIUS server to send a VLAN ID in the Access-Accept response, the EAP feature dynamically changes the VLAN configuration of the port by adding the port to the specified VLAN.

EAP dynamic VLAN assignment affects the following VLAN configuration values:

When you disable EAP on a port that was previously authorized, VLAN configuration values for that port are restored directly from the nonvolatile random access memory (NVRAM) of the device.

You can set up your Authentication Server (RADIUS server) for EAP dynamic VLAN assignments. You can use the Authentication Server to configure user-specific settings for VLAN memberships and port priority.

When you log on to a system that is configured for EAP authentication, the Authentication Server recognizes your user ID and notifies the device to assign preconfigured (user-specific) VLAN membership and port priorities to the device. The configuration settings are based on configuration parameters that were customized for your user ID and previously stored on the Authentication Server.

Note

Note

Static entries like IGMP, ARP, FDB configured on a port of an VLAN interface, will not be retained if the port is assigned a same VLAN by the RADIUS server and the client authenticated on the port gets disconnected or unauthenticated.