The Multi-auth Per
User VLAN assignment feature allows you to create multiple operational access
VLANs based on VLANs assigned to the clients on the port that has a single
configured access VLAN. The port configured as an access port where the traffic
for all the VLANs associated with data domain is not dot1q tagged, and these
VLANs are treated as native VLANs.
The number of hosts
per multi-auth port is 8, however there can be more hosts.
The following
scenarios are associated with the multi-auth Per User VLAN assignments:
Scenario one
When a hub is
connected to an access port, and the port is configured with an access VLAN
(V0).
The host (H1) is
assigned to VLAN (V1) through the hub. The operational VLAN of the port is
changed to V1. This behaviour is similar on a single-host or multi-domain-auth
port.
When a second host
(H2) is connected and gets assigned to VLAN ( V2), the port will have two
operational VLANs (V1 and V2). If H1 and H2 sends untagged ingress traffic, H1
traffic is mapped to VLAN (V1) and H2 traffic to VLAN (V2), all egress traffic
going out of the port on VLAN (V1) and VLAN (V2) are untagged.
If both the hosts, H1
and H2 are logged out or the sessions are removed due to some reason then VLAN
(V1) and VLAN (V2) are removed from the port, and the configured VLAN (V0) is
restored on the port.
Scenario two
When a hub is
connected to an access port, and the port is configured with an access VLAN
(V0). The host (H1) is assigned to VLAN (V1) through the hub. The operational
VLAN of the port is changed to V1.
When a second host
(H2) is connected and gets authorized without explicit vlan policy, H2 is
expected to use the configured VLAN (V0) that is restored on the port. A ll
egress traffic going out of two operational VLANs, VLAN (V0) and VLAN (V1) are
untagged.
If host (H2 ) is
logged out or the session is removed due to some reason then the configured
VLAN (V0) is removed from the port, and VLAN (V1) becomes the only operational
VLAN on the port.
Scenario three
When a hub is
connected to an access port in open mode, and the port is configured with an
access VLAN (V0) .
The host (H1) is
assigned to VLAN (V1) through the hub. The operational VLAN of the port is
changed to V1. When a second host (H2) is connected and remains unauthorized,
it still has access to operational VLAN (V1) due to open mode.
If host H1 is logged
out or the session is removed due to some reason, VLAN (V1) is removed from the
port and host (H2) gets assigned to VLAN (V0).
Note |
The combination of
Open mode and VLAN assignment has an adverse affect on host (H2) because it has
an IP address in the subnet that corresponds to VLAN (V1).
|