This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can 802.1x traffic be passed on a tagged VLAN?

Can 802.1x traffic be passed on a tagged VLAN?

Go to solution
Eric_Gohringer
New Contributor

‎05-05-2021 04:53 PM

I’m using Ubiquiti switches to attach multiple clients to a single port on an Extreme X460G2 port.  With 802.1x disabled everywhere on the Ubiquiti switch and eapol flood mode enabled I do have this working with untagged traffic. It has been a bit of an uphill battle, and there is very little on the web about it (at least that I am able to find). As long as the VLAN that I want 802.1x clients to authenticate on is untagged to the upstream switch it works. I have been able to make/break it in multiple test scenarios. What I am really puzzled about is where do the eapol packets get dropped when I tag the VLAN. Is it on the Ubiquiti/sending side, or the Extreme/receiving side?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Stefan_K_
Valued Contributor

‎05-06-2021 01:57 PM

Hi Eric,

I have done this multiple times with “dumb” mini-switches. So far no issues.

I also do this always with VoIP phones and cascaded clients behind the VoIP phone, where Client and VoIP-phone are moved to different vlans. I belive the maxium is 512 different users/clients per Port.

Best regards
Stefan

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Eric_Gohringer
New Contributor

‎05-06-2021 02:02 PM

I’ve done this with phones as well, but always considered the phone a little dumber than a dumb switch since there is only one port past it anyway.  I never thought to attempt multiple untagged VLANs.  I’ll set this up and see how it goes.  Thanks for the info!

0 Kudos

Go to solution
Stefan_K_
Valued Contributor

‎05-06-2021 01:57 PM

Hi Eric,

I have done this multiple times with “dumb” mini-switches. So far no issues.

I also do this always with VoIP phones and cascaded clients behind the VoIP phone, where Client and VoIP-phone are moved to different vlans. I belive the maxium is 512 different users/clients per Port.

Best regards
Stefan

0 Kudos

Go to solution
Eric_Gohringer
New Contributor

‎05-06-2021 01:04 PM

So if I leave the Ubiquiti flat I can use policy to move individual clients to the appropriate VLAN and devices will communicate properly?  I’ve done this on a 1:1 with a device/port, but haven’t attempted with multiple devices.  I assumed that having that many untagged VLANs would create confusion.  

0 Kudos

Go to solution
Stefan_K_
Valued Contributor

‎05-05-2021 09:39 PM

Hello,

can’t really answer your question, but wanted to say, that there is no need to configure VLANs at all on the Ubiquiti. You can still move different clients on the ubiquiti to different vlans. The X460-G2 is able to handle it all on its own. So there also shouldn’t be the need to tag any vlan on the uplink.

0 Kudos
GTM-P2G8KFN