Security: 802.1X Authentication
Overview
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4 351
18
The following values are available:
• force-authorized
Port authentication is disabled and the port transmits all traffic in accordance with its
static configuration without requiring any authentication. The switch sends the 802.1x
EAP-packet with the EAP success message inside when it receives the 802.1x
EAPOL-start message.
This is the default state.
• force-unauthorized
Port authentication is disabled and the port transmits all traffic via the guest VLAN and
unauthenticated VLANs. For more information see Host and Session Authentication.
The switch sends 802.1x EAP packets with EAP failure messages inside when it
receives 802.1x EAPOL-Start messages.
• auto
Enables port authentications in accordance with the configured port host mode and
authentication methods configured on the port.
Port Host Modes
Ports can be placed in the following port host modes (configured in the Host and Session
Authentication page):
• Single-Host Mode
A port is authorized if there is an authorized client. Only one host can be authorized on
a port.
When a port is unauthorized and the guest VLAN is enabled, untagged traffic is
remapped to the guest VLAN. Tagged traffic is dropped unless it belongs to the guest
VLAN or to an unauthenticated VLAN. If a guest VLAN is not enabled on the port,
only tagged traffic belonging to the unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from the authorized host is
bridged based on the static VLAN membership port configuration. Traffic from other
hosts is dropped.
A user can specify that untagged traffic from the authorized host will be remapped to a
VLAN that is assigned by a RADIUS server during the authentication process. Tagged
traffic is dropped unless it belongs to the RADIUS-assigned VLAN or the
unauthenticated VLANs. Radius VLAN assignment on a port is set in the Port
Authentication page.
To Next Page
Loading...
Need help?
General
