Configuring Device Security
Configuring Network Security
Page 71
The Port Authentication Settings Page contains the following port authentication parameters:
• Port — Displays a list of interfaces on which port-based authentication is enabled.
• User Name — Displays the supplicant user name.
• Admin Port Control — Indicates the port state. The possible field values are:
  – Auto — Enables port-based authentication on the device. The interface moves between an authorized and an unauthorized state based on the authentication exchange between the device and the client.
  – ForceAuthorized — Indicates the interface is in an authorized state without being authenticated. The interface re-sends and receives normal traffic without client port-based authentication.
  – ForceUnauthorized — Denies the selected interface system access by moving the interface into the unauthorized state. The device cannot provide authentication services to the client through the interface.
• Current Port Control — Displays the current port authorization state. The possible field values are:
  – Authorized — Indicates the interface is in an authorized state.
  – Unauthorized — Denies the selected interface system access.
• Action on Violation — Indicates the intruder action defined for the port, that is, the action applied to packets arriving on a locked port. The possible field values are:
  – Forward — Enables the forwarding of frames with source addresses that are not the supplicant’s address, while not learning the source addresses.
  – Discard — Enables the discarding of frames with source addresses that are not the supplicant’s address. This is the default value.
  – Shutdown — The port is shut down, and frames with source addresses that are not the supplicant’s address are discarded.
• Violation Notification — Indicates whether an SNMP trap is generated if there is a violation. The possible field values are:
  – Enable — A notification is sent.
  – Disable — A notification is not sent.
• Violation Notification Frequency — Enter the frequency at which notifications are sent.
• Enable Guest VLAN — Indicates if the Guest VLAN is enabled. The possible field values are:
  – Checked — Enables the Guest VLAN.
  – Unchecked — Disables the Guest VLAN. This is the default value.
• Authentication Method — Defines the user authentication methods. MAC authentication ensures that end-user stations meet security policy criteria, and protects networks from viruses. The possible values are:
  – 802.1X Only — Enables only 802.1X authentication on the device.
  – MAC Only — Enables only MAC authentication on the device.
  – MAC + 802.1X — Enables MAC authentication and 802.1X authentication on the device. In case of MAC + 802.1X, 802.1X takes precedence.
• Enable Dynamic VLAN Assignment — Enables automatically assigning users to VLANs during RADIUS server authentication. When a user is authenticated by the RADIUS server, the user is automatically joined to the VLAN that is defined in the RADIUS server. The VLANs that cannot participate in DVA are:
  – An Unauthenticated VLAN.
  – A Dynamic VLAN that was created by GVRP.
  – A Voice VLAN.
  – A Default VLAN
  – A Guest VLAN:
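
The following is an added example, not part of the original manual or the device's software: a Python audit of the port authentication parameters described above, flagging settings that weaken port-based access control. The dictionary layout, the "radius_vlan" key and the VLAN kind labels are assumptions, and the sample data is constructed.

```python
# Added example. Field names follow the page; the dict layout, the
# "radius_vlan" key and the VLAN kind labels are assumptions.

# VLAN kinds the page lists as unable to participate in DVA.
DVA_EXCLUDED = {"unauthenticated", "gvrp-dynamic", "voice", "default", "guest"}

def audit_port(cfg, vlan_kinds):
    """Return findings for one port's authentication settings."""
    findings = []
    control = cfg["admin_port_control"]
    if control == "ForceAuthorized":
        # Authorized without authentication: the other fields do not apply.
        return ["ForceAuthorized: traffic passes without port-based authentication"]
    if control == "ForceUnauthorized":
        return findings  # port denies access; nothing further to report
    if cfg["action_on_violation"] == "Forward":
        findings.append("Action on Violation is Forward: frames from "
                        "non-supplicant source addresses are forwarded")
    if cfg["violation_notification"] != "Enable":
        findings.append("Violation Notification disabled: no SNMP trap on violation")
    if cfg["authentication_method"] == "MAC Only":
        findings.append("MAC Only: no 802.1X credentials are checked")
    if cfg["enable_dva"]:
        kind = vlan_kinds.get(cfg["radius_vlan"], "unknown")
        if kind in DVA_EXCLUDED:
            findings.append(f"DVA target VLAN {cfg['radius_vlan']} is a {kind} "
                            "VLAN, which cannot participate in DVA")
    return findings

def audit_all(ports, vlan_kinds):
    """Map each port name to its list of findings."""
    return {p["port"]: audit_port(p, vlan_kinds) for p in ports}

# Constructed sample data, not taken from a real device.
VLAN_KINDS = {20: "static", 100: "voice"}
SAMPLE_PORTS = [
    {"port": "e1", "admin_port_control": "Auto", "action_on_violation": "Discard",
     "violation_notification": "Enable", "authentication_method": "802.1X Only",
     "enable_dva": True, "radius_vlan": 20},
    {"port": "e2", "admin_port_control": "ForceAuthorized"},
    {"port": "e3", "admin_port_control": "Auto", "action_on_violation": "Forward",
     "violation_notification": "Disable", "authentication_method": "MAC Only",
     "enable_dva": True, "radius_vlan": 100},
]

if __name__ == "__main__":
    for port, findings in audit_all(SAMPLE_PORTS, VLAN_KINDS).items():
        print(port, findings or "ok")
```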