User Manual
Chapter 25: 802.1x Port-based Network Access Control
Section VI: Port Security
Server Timeout
Sets the timer used by the switch to determine authentication server
timeout conditions. The default value for this parameter is 10 seconds.
The range is 1 to 60 seconds.
Control Direction
Specifies how the port handles ingress and egress broadcast and
multicast packets when in the unauthorized state. When a port is set to
the Authenticator role, it remains in the unauthorized state until the
client logs on by providing a username and password combination. In
the unauthorized state, the port only accepts EAP packets from the
client. All other ingress packets that the port might receive from the
client, including multicast and broadcast traffic, are discarded until the
supplicant has logged in. The options are:
Ingress - A port, when in the unauthorized state, discards all ingress
broadcast and multicast packets from the client, but forwards all
egress broadcast and multicast traffic to the same client.
Both - A port, when in the unauthorized state, does not forward ingress
or egress broadcast and multicast packets from or to the client until the
client logs in. This is the default.
Piggyback Mode
Controls who can use the switch port in cases where there are multiple
clients (e.g., the port is connected to an Ethernet hub). If set to
Enabled, the port allows all clients on the port to piggyback onto the
initial client’s authentication: after one client has been authenticated,
the port forwards all packets, regardless of the client. If set to Disabled,
the switch port forwards only those packets from the client who was
authenticated and discards packets from all other users.
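The Control Direction and Piggyback Mode rules described above can be checked with the following Python model. It is an added example, not code from this manual or from the switch firmware; the class, its method names, and the MAC addresses are constructed for the illustration.

```python
from dataclasses import dataclass, field

EAPOL = 0x888E  # EtherType of 802.1X (EAP over LAN) frames
IPV4 = 0x0800   # EtherType of ordinary IPv4 traffic


@dataclass
class AuthenticatorPort:
    """Hypothetical model of one authenticator port, built from the text above."""
    control_direction: str = "both"   # "ingress" or "both" (Both is the default)
    piggyback: bool = False           # Piggyback Mode: True = Enabled
    authenticated: set = field(default_factory=set)  # MACs that have logged on

    def authorized(self) -> bool:
        return bool(self.authenticated)

    def accepts_ingress(self, src_mac: str, ethertype: int) -> bool:
        """True if a frame received from a client is accepted by the port."""
        if not self.authorized():
            # Unauthorized state: only EAP packets from the client are accepted.
            return ethertype == EAPOL
        if self.piggyback:
            # All clients on the port ride the first client's authentication.
            return True
        # Piggyback disabled: only the authenticated client's packets pass.
        return src_mac in self.authenticated

    def sends_egress_flood(self) -> bool:
        """True if egress broadcast/multicast traffic is forwarded to the client."""
        return self.authorized() or self.control_direction == "ingress"


def hub_scenario(piggyback: bool) -> dict:
    """Constructed case: two hosts behind a hub, only `laptop` logs on."""
    laptop, other = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs
    port = AuthenticatorPort(piggyback=piggyback)
    before = port.accepts_ingress(other, IPV4)   # nobody has logged on yet
    port.authenticated.add(laptop)               # laptop completes 802.1x logon
    return {
        "other_before": before,
        "laptop_after": port.accepts_ingress(laptop, IPV4),
        "other_after": port.accepts_ingress(other, IPV4),
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("piggyback enabled" if mode else "piggyback disabled", hub_scenario(mode))
```

With Piggyback Mode enabled, `other_after` is true even though that host never logged on; with it disabled, the same host's packets are discarded.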
VLAN Assignment
This parameter controls whether an authenticator port uses the VLAN
assignments returned by a RADIUS server. Options are:
Enabled: Specifies that the authenticator port is to use the VLAN
assignment returned by the RADIUS server when a supplicant logs
on. This is the default setting. The port automatically moves to the
designated VLAN after the supplicant successfully logs on.
Disabled: Specifies that the authenticator port ignore any VLAN
assignment information returned by the RADIUS server when a
supplicant logs on. The authenticator port remains in its predefined
VLAN assignment even if the RADIUS server returns a VLAN
assignment when a supplicant logs on. This is the default setting.
Secure VLAN
This parameter controls the action of an authenticator port to
subsequent authentications after the initial authentication where VLAN
assignments have been added to the user accounts on the RADIUS