Hello,
We're in the process of rolling out 802.1X on N2000 switches. We want the following features:
- Fall Back to MAB
- Dynamic VLAN Assignment
- Guest VLAN (for PXE)
- AAA per MAC
So we have the following config on our test ports.
switchport mode general
switchport general allowed vlan remove 1
dot1x port-control mac-based
dot1x reauthentication
dot1x timeout guest-vlan-period 4
dot1x unauth-vlan 2
dot1x mac-auth-bypass
authentication order dot1x mab
authentication priority dot1x mab
This works fine so far. The client boots, passes PXE and then authenticates using 802.1X. The problem here is that the unauth VLAN does not get removed again. So all broadcast from our unauth VLAN is visible on a port where only one successfully authenticated client is attached.
We would expect that, after the client switches to 802.1X and is authenticated, the unauth VLAN would be removed from the port. What is missing for this to happen?