Security
802.1X
Cisco Small Business SG200 Series 8-port Smart Switches Administration Guide
146
11
•
Authenticator: An entity that facilitates the authentication of the supplicant
on the remote end of a link. A authenticator will grant port access to a
supplicant if the authentication succeeds.
•
Authentication Server: A server, such as a RADIUS server, that performs the
authentication on behalf of the authenticator, and indicates whether the
supplicant is authorized to access services provided via the authenticating
port.
In the authentication process, 802.1X supports Extensible Authentication Protocol
(EAP) over LANs (EAPOL) message exchanges between supplicants and
authenticators.
An switch port can be configured either as an authenticator or a supplicant, but not
both.
Defining 802.1X Properties
Use the
802.1X Properties
page to configure the global 802.1X administrative
mode on the switch.
To enable 802.1X security globally:
STEP 1
Click
Security
>
802.1X
>
Properties
in the navigation window.
STEP 2
Select Enable for the Port Based Authentication State to allow 802.1X port-based
authentication globally on the switch.
STEP 3
Select an authentication method from the Authentication Method list:
•
None
—No authentication method is used.
•
Local
—The switch will perform local authentication of a remote supplicant
based on EAP-MD5. The supplicant identification must be one of the
management users configured on the switch (see
Managing User
Accounts
).
•
RADIUS
—The switch depends on one or more external RADIUS servers to
perform the authentication. You must configure the supplicant identity and
authentication directly the servers. (See
RADIUS
for information.)
•
RADIUS, None
—The switch depends on one or more external RADIUS
servers to perform the authentication. (See description of RADIUS above.) If
the switch cannot reach any servers, then no authentication is used.