IEEE 802.1x (Port Based Network Access Control)
Issue 2 July 2005 127
IEEE 802.1x Implementation in the C360
This section lists the conditions that govern the implementation of the 802.1x standard in the
C360 line:
● You can configure 802.1x on the 10/100 Mbps Ethernet ports only.
● 802.1x can work only if a RADIUS server is configured on the C360 and the RADIUS
server is carefully configured to support 802.1x.
● 802.1x and port/intermodule redundancy can co-exist on the same ports.
● 802.1x and LAGs can coexist on the same ports.
● 802.1x and Spanning Tree can be simultaneously active on a module.
Note:
Note: If either 802.1x or STP/RSTP are in a blocking state, the final state of the port will
be blocked.
● When 802.1x is activated, the application immediately places all ports in a blocking state
unless they were declared "Force Authenticate". They will be reverted to "Forwarding"
state only when the port is authorized by the RADIUS server.
Note:
Note: The actual state of ports configured as "Force Authenticate" is determined by the
STA.
Configuring the C360 for 802.1x
This section lists the basic tasks required to configure a C360 stack for 802.1x. To configure
C360 for 802.1x, do the following:
● Configure a RADIUS server on a network reachable from the C360:
- Create user names and passwords for allowed users.
- Make sure the EAP option is enabled on this server.
● Configure the C360 for RADIUS:
- Configure RADIUS parameters.
- Enable the RADIUS feature.
- Configure the port used to access the RADIUS server as "force-authorized."
Tip:
Tip: You can configure on the RADIUS server a PVID, static VLAN binding and port
level for each authenticated user. If the port that the user is connected to is
authorized, those parameters will be assigned to the port.
To Next Page
Loading...
