User Authentication
3-83
3
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the
authentication process that runs between the client and the switch (i.e.,
authenticator), as well as the client identity lookup process that runs between the
switch and authentication server. These parameters are described in this section.
Command Attributes
•
Port
– Port number.
•
Status
– Indicates if authentication is enabled or disabled on the port.
(Default: Disabled)
•
Operation Mode
– Allows single or multiple hosts (clients) to connect to an
802.1X-authorized port. (Options: Single-Host, Multi-Host; Default: Single-Host)
•
Max Count
– The maximum number of hosts that can connect to a port when the
Multi-Host operation mode is selected. (Range: 1-1024; Default: 5)
•
Mode
– Sets the authentication mode to one of the following options:
-
Auto
– Requires a dot1x-aware client to be authorized by the authentication
server. Clients that are not dot1x-aware will be denied access.
-
Force-Authorized
– Forces the port to grant access to all clients, either
dot1x-aware or otherwise. (This is the default setting.)
-
Force-Unauthorized
– Forces the port to deny access to all clients, either
dot1x-aware or otherwise.
•
Re-authentication
– Sets the client to be re-authenticated after the interval
specified by the Re-authentication Period. Re-authentication can be used to detect
if a new device is plugged into a switch port. (Default: Disabled)
•
Max-Request
– Sets the maximum number of times the switch port will retransmit
an EAP request packet to the client before it times out the authentication session.
(Range: 1-10; Default 2)
•
Quiet Period
– Sets the time that a switch port waits after the Max Request Count
has been exceeded before attempting to acquire a new client.
(Range: 1-65535 seconds; Default: 60 seconds)
•
Re-authentication Period
– Sets the time period after which a connected client
must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds)
•
Tx Period
– Sets the time period during an authentication session that the switch
waits before re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds)
•
Authorized
–
-
Yes
– Connected client is authorized.
-
No
– Connected client is not authorized.
-
Blank
– Displays nothing when dot1x is disabled on a port.
•
Supplicant
– Indicates the MAC address of a connected client.
•
Trunk
– Indicates if the port is configured as a trunk port.
Summary of Contents for 8126PL2-F
Page 1: ...MANAGEMENT GUIDE ta TigerSwitchTM 10 100 1000 L2 Lite SMB PoE Gigabit Switch SMC8126PL2 F ...
Page 2: ......
Page 6: ...vi ...
Page 22: ...Contents xxii ...
Page 26: ...Tables xxvi ...
Page 48: ...Initial Configuration 2 10 2 ...
Page 117: ...User Authentication 3 69 3 Web Click Security AAA Summary Figure 3 43 AAA Accounting Summary ...
Page 590: ...Command Line Interface 4 302 4 ...
Page 604: ...Glossary Glossary 8 ...
Page 612: ...Index 8 Index ...
Page 613: ......
Page 614: ...149100000023A R01 SMC8126PL2 F ...