802.1X support for VXLANs

As shown in Figure 36, when the device acts as both a VXLAN VTEP and a NAS, users' service information cannot be identified by VLANs. To resolve this issue, you must configure the RADIUS server to assign VSIs to authenticated 802.1X users. The NAS will map a user's traffic to the VXLAN that is associated with the user's authorization VSI. The mapping criteria include the user's access VLAN, access port, and MAC address. MAC address information is required only when the access port performs MAC-based access control.

For information about VSIs and VXLANs, see VXLAN Configuration Guide.

Figure 36: VXLAN network diagram for 802.1X authentication