Users Guide
Switch Feature Overview 77
supported; however, the switch will transport encrypted packets, such as
PEAP or EAP-TLS packets, between the supplicant and authentication server
in support of mutual authentication and privacy.
For information about configuring IEEE 802.1X settings, see "IEEE 802.1X"
on page 334.
MAC-Based 802.1X Authentication
MAC-based authentication allows multiple supplicants connected to the
same port to each authenticate individually. The switch uses the device’s
MAC address to restrict access to the port to only the devices that have
authenticated. For example, a system attached to the port might be required
to authenticate in order to gain access to the network, while a VoIP phone
might not need to authenticate in order to send voice traffic through the port.
For information about configuring MAC-based 802.1X authentication, see
"IEEE 802.1X" on page 334.
802.1X Monitor Mode
Monitor mode can be enabled in conjunction with 802.1X authentication to
allow network access even when the user fails to authenticate. The switch logs
the results of the authentication process for diagnostic purposes. The main
purpose of this mode is to help troubleshoot the configuration of a 802.1X
authentication on the switch without affecting the network access to the
users of the switch.
For information about enabling the 802.1X Monitor mode, see "IEEE 802.1X"
on page 334.
Port Security
The port security feature limits access on a port to users with specific MAC
addresses. These addresses are manually defined or learned on that port.
When a frame is seen on a locked port, and the frame source MAC address is
not tied to that port, the protection mechanism is invoked.
For information about configuring port security, see "Port and System
Security" on page 681.