User Manual
Chapter 25: 802.1x Port-based Network Access Control
Section VI: Port Security
3. Adjust the parameters as needed. The parameters are described below:
Authenticator Mode
This parameter can take the following values on an authenticator port:
802.1x: Specifies 802.1x username and password authentication. With this authentication method the supplicant must provide, either manually or automatically, a username and password to the authenticator port. Supplicant nodes must have 802.1x client software for this authentication method.
MAC Based: Specifies MAC address-based authentication. The authenticator port extracts the source MAC address from the initial frames received from a supplicant and automatically sends the address as both the username and password of the supplicant to the authentication server. Supplicant nodes do not need 802.1x client software for this authentication method.
Supplicant Mode
This parameter sets the supplicant mode of an authenticator port and can take the following values:
Single: Configures the port to allow only one authentication. This authenticator mode should be used together with the piggy-back mode. When an authenticator port is set to the Single mode and the piggy-back mode is disabled, only the authenticated client can use the port. Packets from or to other clients on the port are discarded. If piggy-back mode is enabled, other clients can piggy-back onto another client’s authentication and so be able to use the port.
Multiple: Configures the port to accept up to 20 authentications. Every client using an authenticator port in this mode must have a username and password combination.
Port Control
The possible settings are:
Auto - Activates 802.1x port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes or the port receives an EAPOL-Start packet from a supplicant. The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. This is the default setting.
Force-authorized - Disables IEEE 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client.
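The forwarding behaviour these settings describe can be checked with a simplified model. This is an added example, not code from the manual or the switch firmware; the class, function and sample MAC address names are assumptions. `admits_unauthenticated` reports which setting combinations let a client that never authenticated pass normal traffic.

```python
from dataclasses import dataclass, field

EAPOL = 0x888E     # EtherType of EAP over LAN frames (IEEE 802.1X)
IPV4 = 0x0800      # stands in for "normal traffic"
MAX_MULTIPLE = 20  # authentication limit the manual gives for Multiple mode
# Constructed sample addresses (documentation MAC range).
CLIENT_A, CLIENT_B = "00:00:5e:00:53:01", "00:00:5e:00:53:02"


@dataclass
class AuthenticatorPort:
    port_control: str = "auto"       # "auto" or "force-authorized"
    supplicant_mode: str = "single"  # "single" or "multiple"
    piggy_back: bool = False
    authenticated: set = field(default_factory=set)

    def authenticate(self, mac: str) -> bool:
        """Record a client the authentication server accepted, up to the mode's limit."""
        limit = 1 if self.supplicant_mode == "single" else MAX_MULTIPLE
        if mac not in self.authenticated and len(self.authenticated) >= limit:
            return False
        self.authenticated.add(mac)
        return True

    def forwards(self, src_mac: str, ethertype: int) -> bool:
        """Would the port pass a frame received from src_mac?"""
        if self.port_control == "force-authorized":
            return True   # authorized state with no authentication exchange
        if ethertype == EAPOL:
            return True   # EAPOL always passes so authentication can run
        if src_mac in self.authenticated:
            return True
        # Unauthenticated client: only piggy-backing on an authorized
        # Single-mode port lets its traffic through.
        return (self.supplicant_mode == "single" and self.piggy_back
                and bool(self.authenticated))


def admits_unauthenticated(port_control, supplicant_mode, piggy_back) -> bool:
    """After CLIENT_A authenticates, is CLIENT_B's data traffic forwarded?"""
    port = AuthenticatorPort(port_control, supplicant_mode, piggy_back)
    port.authenticate(CLIENT_A)
    return port.forwards(CLIENT_B, IPV4)


if __name__ == "__main__":
    for cfg in [("auto", "single", False), ("auto", "single", True),
                ("auto", "multiple", False), ("force-authorized", "single", False)]:
        print(cfg, "->", admits_unauthenticated(*cfg))
```

Only Auto with piggy-back disabled, or Auto with Multiple mode, keeps every client on the port behind its own authentication.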