Cisco SF200-24 - 802.1 X Parameters Workflow

To Next Page

To Previous Page

Configuring Security

Configuring 802.1X

Cisco Small Business 200 1.1 Series Smart Switch Administration Guide 246

The 802.1x is an IEEE standard for port-based network access control. The 802.1x

framework enables a device (the supplicant) to request port access from a remote

device (authenticator) to which it is connected. Only when the supplicant

requesting port access is authenticated and authorized is it permitted to send

data to the port. Otherwise, the authenticator discards the supplicant data.

Authentication of the supplicant is performed by an external RADIUS server

through the authenticator. The authenticator monitors the result of the

authentication.

In the 802.1x standard, a device can be a supplicant and an authenticator at a port

simultaneously, requesting port access and granting port access. However, this

device is only the authenticator, and does not take on the role of a supplicant.

The following varieties of 802.1X exist:

• Single session 802.1X:

- A1 —Single-session/single host. In this mode, the switch, as an

authenticator, supports a single 802.1x session and grants permission to

use the port to the authorized supplicant. All access by other devices

received from the same port are denied until the authorized supplicant is

no longer using the port or the access is to the unauthenticated VLAN.

- Single session/multiple hosts—This follows the 802.1x standard. In this

mode, the switch as an authenticator allows any device to use a port as

long as it has been granted permission.

• Multi-Session 802.1X—Every device (supplicant) connecting to a port

must be authenticated and authorized by the switch (authenticator)

separately in a different 802.1x session. Authentication Methods

The authentication method can be:

• 802.1x—The switch supports the authentication mechanism as described in

the standard to authenticate and authorize 802.1x supplicants.

802.1X Parameters Workflow

Define the 802.1X parameters as follows:

• (Optional) Define one or more static VLANs as unauthenticated VLANs as

described in the Defining 802.1X Properties section. 802.1x authorized

and unauthorized devices or ports can always send or receive packets to or

from unauthenticated VLANs.

Related product manuals