Security: 802.1X Authentication
Overview of 802.1X
483 Cisco 500 Series Stackable Managed Switch Administration Guide
22
See Port Host Modes for more information.
The following authentication methods are supported:
• 802.1x-based—Supported in all authentication modes.
• MAC-based—Supported in all authentication modes.
• WEB-based—Supported only in multi-sessions modes.
In 802.1x-based authentication, the authenticator extracts the EAP messages from
the 802.1x messages (EAPOL frames) and passes them to the authentication
server, using the RADIUS protocol.
With MAC-based or web-based authentication, the authenticator itself executes
the EAP client part of the software.
Authentication Server
An authentication server performs the actual authentication of the client. The
authentication server for the device is a RADIUS authentication server with EAP
extensions.
Open Access
The Open (Monitoring) Access feature aids in separating real authentication
failures from failures caused by mis-configuration and/or lack of resources, in an
802.1x environment.
Open Access helps system administrators understand the configuration problems
of hosts connecting to the network, monitors bad situations and enables these
problems to be fixed.
When Open Access is enabled on an interface, the switch treats all failures
received from a RADIUS server as successes and allows access to the network
for stations connected to interfaces regardless of authentication results.
Open Access changes the normal behavior of blocking traffic on a authentication-
enabled port until authentication and authorization are successfully performed.
The default behavior of authentication is still to block all traffic except Extensible
Authentication Protocol over LAN (EAPoL). However, Open Access provides the
administrator with the option of providing unrestricted access to all traffic, even
though authentication (802.1X-Based, MAC-Based, and/or WEB-Based) is enabled.
When RADIUS accounting is enabled, you can log authentication attempts and
gain visibility of who and what is connecting to your network with an audit trail.
To Next Page
Loading...
Need help?
General
