EasyManua.ls Logo

Cisco SG220-26P - Configuring 802.1 X

Cisco SG220-26P
289 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuring Security
Configuring 802.1X
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 207
16
Configuring 802.1X
Port-based access control has the effect of creating two types of access on the
switch ports. One point of access enables uncontrolled communication,
regardless of the authorization state (uncontrolled port). The other point of access
authorizes communication between a host and the switch.
The 802.1x is an IEEE standard for port-based network access control. The 802.1x
framework enables a device (the supplicant) to request port access from a remote
device (authenticator) to which it is connected. Only when the supplicant
requesting port access is authenticated and authorized is it permitted to send
data to the port. Otherwise, the authenticator discards the supplicant data unless
the data is sent to a Guest VLAN.
Authentication of the supplicant is performed by an external RADIUS server
through the authenticator. The authenticator monitors the result of the
authentication.
In the 802.1x standard, a device can be a supplicant and an authenticator at a port
simultaneously, requesting port access and granting port access. However, this
device is only the authenticator, and does not take on the role of a supplicant.
The following varieties of 802.1X exist:
Single session 802.1X:
- Single-session/single host—In this mode, the switch, as an authenticator,
supports a single 802.1x session and grants permission to use the port
to the authorized supplicant. All access by other devices received from
the same port are denied until the authorized supplicant is no longer
using the port or the access is to the guest VLAN.
- Single session/multiple hosts—This follows the 802.1x standard. In this
mode, the switch as an authenticator allows any device to use a port as
long as it has been granted permission.
Multi-Session 802.1X—Every device (supplicant) connecting to a port must
be authenticated and authorized by the switch (authenticator) separately in
a different 802.1x session.

Table of Contents

Other manuals for Cisco SG220-26P

Preview: Quick Start Guide
Quick Start Guide16 pages

Related product manuals