AT-9000 Switch Command Line User’s Guide
Section VIII: Port Security 721
Operational Settings
An authenticator port can have one of three possible operational settings:
Auto - Activates port-based authentication. The port begins in the
unauthorized state, forwarding only EAPOL frames and discarding all
other traffic. The authentication process begins when the link state of
the port changes or the port receives an EAPOL-Start packet from a
supplicant. The switch requests the identity of the client and begins
relaying authentication messages between the client and the RADIUS
authentication server. After the supplicant is validated by the RADIUS
server, the port begins forwarding all traffic to and from the supplicant.
This is the default setting for an authenticator port.
Force-authorized - Disables IEEE 802.1X port-based authentication
and automatically places the port in the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without authenticating the client.
Note
A supplicant connected to an authenticator port set to force-
authorized must have 802.1x client software if the port’s
authenticator mode is 802.1x. Though the force-authorized setting
prevents an authentication exchange, the supplicant must still have
the client software to forward traffic through the port.
Force-unauthorized - Causes the port to remain in the unauthorized
state, ignoring all attempts by the supplicant to authenticate. The port
forwards EAPOL frames, but discards all other traffic. This setting is
analogous to disabling a port.
As mentioned earlier, the switch itself does not authenticate the user
names and passwords from the clients. That function is performed by the
authentication server and the RADIUS server software. The switch acts as
an intermediary for the authentication server by denying access to the
network by the client until the client has been validated by the
authentication server.
To Next Page
Loading...
