Configuring 802.1X and Port-Based Security 515Controlling Authentication-Based VLAN AssignmentThe network in this example uses three VLANs to control access to networkresources. When a client connects to the network, it is assigned to a particularVLAN based on one of the following events:• It attempts to contact the 802.1X server and is authenticated.• It attempts to contact the 802.1X server and fails to authenticate.• It does not attempt to contact the 802.1X server.The following table describes the three VLANs:The commands in this example show how to configure the switch to controlVLAN assignment for the example network. This example also containscommands to configure the uplink, or trunk, port (a port connected to arouter or the internal network), and to configure the downlink, or access,ports (ports connected to one or more hosts). Ports 1–23 are downstreamports. Port 24 is an uplink port. An external RADIUS server handles theVLAN assignment.VLAN ID VLAN Name VLAN Purpose100 Authorized Data from authorized clients200 Unauthorized Data traffic from clients that fail the authenticationwith the RADIUS server300 Guest Data traffic from clients that do not attempt toauthenticate with the RADIUS serverNOTE: Dynamic VLAN creation applies only to authorized ports. The VLANs forunauthorized and guest users must be configured on the switch and cannot bedynamically created based on RADIUS-based VLAN assignment.NOTE: The configuration to control the VLAN assignment for authorized users isdone on the external RADIUS server.