Administrator Guide
Switch Feature Overview 71
however, the switch will transport encrypted packets, such as PEAP or EAP-
TLS packets, between the supplicant and authentication server in support of
mutual authentication and privacy.
For information about configuring IEEE 802.1X settings, see "Port and
System Security " on page 623.
MAC-Based 802.1X Authentication
MAC-based authentication allows multiple supplicants connected to the
same port to each authenticate individually. For example, a system attached
to the port might be required to authenticate in order to gain access to the
network, while a VoIP phone might not need to authenticate in order to send
voice traffic through the port.
For information about configuring MAC-based 802.1X authentication, see
"Port and System Security " on page 623.
802.1X Monitor Mode
Monitor mode can be enabled in conjunction with 802.1X authentication to
allow network access even when the user fails to authenticate. The switch logs
the results of the authentication process for diagnostic purposes. The main
purpose of this mode is to help troubleshoot the configuration of a 802.1X
authentication on the switch without affecting the network access to the
users of the switch.
For information about enabling the 802.1X Monitor mode, see "Port and
System Security " on page 623.
MAC-Based Port Security
The port security feature limits access on a port to users with specific MAC
addresses. These addresses are manually defined or learned on that port.
When a frame is seen on a locked port, and the frame source MAC address is
not tied to that port, the protection mechanism is invoked.
For information about configuring MAC-based port security, see "Port and
System Security " on page 623.