Configuring 802.1X Port Authentication
• Max Count – The maximum number of hosts that can connect to a port when the operation mode is set to Multi-Host. (Range: 1-1024; Default: 5)
• Mode – Sets the authentication mode to one of the following options:
  - Auto – Requires a dot1x-aware client to be authorized by the authentication server. Clients that are not dot1x-aware will be denied access.
  - Force-Authorized – Forces the port to grant access to all clients, either dot1x-aware or otherwise. (This is the default setting.)
  - Force-Unauthorized – Forces the port to deny access to all clients, either dot1x-aware or otherwise.
802.1X port authentication and port security (page 6-16) cannot be configured together on the same port. Only one of these security mechanisms can be applied.

802.1X port authentication cannot be configured on trunk ports. In other words, a static or dynamically configured trunk cannot be set to Auto or Force-Unauthorized mode.

When 802.1X authentication is enabled on a port, the MAC address learning function for this interface is disabled, and the addresses dynamically learned on this port are removed.

Authenticated MAC addresses are stored as dynamic entries in the switch’s secure MAC address table. Configured static MAC addresses are added to the secure address table when seen on a switch port. Static addresses are treated as authenticated without sending a request to a RADIUS server.

When port status changes to down, all MAC addresses are cleared from the secure MAC address table. Static VLAN assignments are not restored.

• Re-authentication – Sets the client to be re-authenticated after the interval specified by the Re-authentication Period. (Default: Disabled)
• Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default: 2)
• Quiet Period – Sets the time that a switch port waits after the Max Request count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds)
• Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds)
• TX Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds)
• Authorized –
  - Yes – Connected client is authorized.
  - No – Connected client is not authorized.
  - Blank – Displays nothing when dot1x is disabled on a port.
• Supplicant – Indicates the MAC address of a connected client.
• Trunk – Indicates if the port is configured as a trunk port.
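
The ranges, defaults and port restrictions listed above can be checked mechanically before a change is applied. The following is an added example, not code from this manual or the switch vendor; the field names (mode, reauth, trunk, port_security and so on) and the sample inventory are hypothetical, and it assumes 802.1X counts as active on a port only in Auto or Force-Unauthorized mode.

```python
# Added example: audit one port's 802.1X settings against the limits on this page.
# Field names are hypothetical labels for the page's parameters, not switch CLI keywords.
RANGES = {
    "max_count": (1, 1024),
    "max_request": (1, 10),
    "quiet_period": (1, 65535),
    "reauth_period": (1, 65535),
    "tx_period": (1, 65535),
}
DEFAULTS = {"max_count": 5, "mode": "force-authorized", "reauth": False,
            "max_request": 2, "quiet_period": 60, "reauth_period": 3600,
            "tx_period": 30, "trunk": False, "port_security": False}
MODES = {"auto", "force-authorized", "force-unauthorized"}


def audit_port(name, settings):
    """Return a list of (severity, message) findings for one port."""
    cfg = {**DEFAULTS, **settings}  # unset fields fall back to the page's defaults
    findings = []
    for field, (lo, hi) in RANGES.items():
        if not isinstance(cfg[field], int) or not lo <= cfg[field] <= hi:
            findings.append(("error", f"{name}: {field}={cfg[field]!r} outside {lo}-{hi}"))
    if cfg["mode"] not in MODES:
        findings.append(("error", f"{name}: unknown mode {cfg['mode']!r}"))
        return findings
    # Assumption: only Auto and Force-Unauthorized count as 802.1X being active.
    enforcing = cfg["mode"] != "force-authorized"
    if enforcing and cfg["trunk"]:
        findings.append(("error", f"{name}: trunk port cannot be set to {cfg['mode']}"))
    if enforcing and cfg["port_security"]:
        findings.append(("error", f"{name}: 802.1X and port security on the same port"))
    if not enforcing and not cfg["trunk"]:
        findings.append(("warn", f"{name}: force-authorized, no client is authenticated"))
    if cfg["mode"] == "auto" and not cfg["reauth"]:
        findings.append(("warn", f"{name}: re-authentication is disabled"))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real switch.
    ports = {
        "1/1": {},                                   # every setting left at default
        "1/2": {"mode": "auto", "reauth": True},
        "1/3": {"mode": "auto", "trunk": True, "max_request": 11},
    }
    for port, cfg in ports.items():
        for severity, message in audit_port(port, cfg):
            print(severity, message)
```

A port left entirely at its defaults produces the force-authorized warning, which is the case most worth catching on access ports.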