VLAN authentication
VLAN authentication is only supported on 7210 SAS-Mxp, 7210 SAS-R6, 7210 SAS-Sx/S 1/10GE (standalone), and 7210 SAS-T.
The 7210 SAS supports VLAN authentication, which operates similarly to 802.1x network access control but only uses VLAN-tagged EAPOL frames to trigger the authentication process on a per-VLAN basis, or uses null-tagged EAPOL frames to authenticate and authorize processing of service traffic received in the context of a Dot1q explicit null SAP. See 802.1x network access control for information about 802.1x network access control and authentication.
To authenticate a port using VLAN authentication, you must first configure 802.1x authentication on the 7210 SAS by enabling port-control auto, and then configure vlan-auth on the 7210 SAS to enable VLAN authentication and allow VLAN authentication functionality to supersede that of basic 802.1x authentication.
VLAN authentication and MAC authentication are mutually exclusive. MAC authentication cannot be configured on a port while VLAN authentication is already configured on the same port. See MAC authentication for information about MAC authentication.
Layer 2 control protocols affect VLAN authentication behavior differently depending on the protocol in use; see Layer 2 control protocol interaction with authentication methods for more information.