8 Security
43
send feedbacks (through a RADIUS access-accept packet and an EAP-success packet)
to the switch to indicate that the supplicant system is authenticated.
The switch changes the state of the corresponding port to accepted state to allow the
supplicant system to access the network.
The supplicant system can also terminate the authenticated state by sending
EAPoL-Logoff packets to the switch. The switch then changes the port state from
accepted to rejected.
8.2.1 802.1x Port
This tab page sets 802.1x port enabling, port control, re-authentication and Guest VLAN for a
specified Ethernet port. There are three choices for
Port Control
:
Auto
,
Force Authorized
and
Force Unauthorized
.
Configuration Steps:
Step 1
Specify the port to configure
Caution: The port to configure authentication cannot be link-aggregation port.
Step 2
Enable or disable the 802.1x authentication function
Step 3
If
802.1x is enabled, you can further configure port control, re-authentication and
Guest VLAN;
Auto:
Specify to operate in auto access control mode. When one port operates in this
mode, all the unauthenticated hosts connected to it
are unauthorized. In this case,
only EAPoL packets can be exchanged between the switch and the hosts. And the
authenticated hosts connected to the port are authorized to access the network
resources.
Force Authorized:
Specify to operate in authorized-force access control mode. When
one port operates in this mode, all the hosts connected to it can
access the network resources without the need of authentication.
Force Unauthorized:
Specify to operate in unauthorized-force access control mode.
When one port operates in this mode, the hosts connected to it
cannot access the network resources.
Guest VLAN:
A guest VLAN can be enabled for each IEEE 802.1x port on the
switch to provide limited services to the clients.
Step 4
Enable or disable Re-authentication
Step 5
Enable or disable Guest VLAN
The Guest VLAN function enables supplicant systems that that are not authenticated to
