Security: 802.1X Authentication
Port Authentication
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
- Reject—If the RADIUS server authorized the supplicant, but did not provide a 
supplicant VLAN, the supplicant is rejected.
- Static—If the RADIUS server authorized the supplicant, but did not provide a 
supplicant VLAN, the supplicant is accepted.
• Guest VLAN—Select to enable using a guest VLAN for unauthorized ports. If a guest 
VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the 
Guest VLAN ID field in the Port Authentication page. 
After an authentication failure, and if guest VLAN is activated globally on a given port, 
the guest VLAN is automatically assigned to the unauthorized ports as an Untagged 
VLAN. 
• Open Access—Select to treat the port as successfully authenticated even if authentication 
fails. See Open Access.
• 802.1X Based Authentication—Select to enable 802.1X authentication on the port.
• MAC Based Authentication—Select to enable port authentication based on the 
supplicant MAC address. Only 8 MAC-based authentications can be used on the port.
NOTE For MAC authentication to succeed, the RADIUS server supplicant username 
and password must be the supplicant MAC address. The MAC address must be in lower 
case letters and entered without the . or - separators; for example: 0020aa00bbcc.
• Web Based Authentication—Select to enable web-based authentication based on the 
supplicant MAC address.
• Periodic Reauthentication—Select to enable port re-authentication attempts after the 
specified Reauthentication Period. 
• Reauthentication Period—Enter the number of seconds after which the selected port 
is reauthenticated. 
• Reauthenticate Now—Select to enable immediate port re-authentication.
• Authenticator State—Displays the defined port authorization state. The options are:
- Initialize—In process of coming up.
- Force-Authorized—Controlled port state is set to Force-Authorized (forward 
traffic).
- Force-Unauthorized—Controlled port state is set to Force-Unauthorized (discard 
traffic).
NOTE If the port is not in Force-Authorized or Force-Unauthorized, it is in Auto Mode 
and the authenticator displays the state of the authentication in progress. After the port 
is authenticated, the state is shown as Authenticated.
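
The MAC Based Authentication note above requires the RADIUS user name and password to be the supplicant MAC address in lower case with no separators, and the field description limits a port to 8 MAC-based authentications. The following is an added example, not part of the Cisco guide: it normalizes an inventory of MAC addresses to that form, checks the per-port limit, and emits account lines. The FreeRADIUS-style `users` file syntax, the port names and the addresses are assumptions made for illustration.

```python
import re

MAX_MAC_AUTH_PER_PORT = 8          # per-port limit stated in the guide
_HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(raw):
    """Return raw as 12 lower-case hex digits with no separators, else raise ValueError."""
    s = raw.strip().lower()
    # Accept one separator style per address: aa:bb:cc:.., aa-bb-cc-.., or aabb.ccdd.eeff
    for sep, width in ((":", 2), ("-", 2), (".", 4)):
        if sep in s:
            parts = s.split(sep)
            if len(parts) != 12 // width or any(len(p) != width for p in parts):
                raise ValueError(f"malformed MAC address: {raw!r}")
            s = "".join(parts)
            break
    if not _HEX12.fullmatch(s):
        raise ValueError(f"malformed MAC address: {raw!r}")
    if int(s[:2], 16) & 1:         # I/G bit set: multicast or broadcast, never a host
        raise ValueError(f"group address cannot be a supplicant: {raw!r}")
    return s

def build_radius_users(inventory):
    """Map {port: [raw MACs]} to (users-file text, list of problems found)."""
    accounts, problems = set(), []
    for port, raws in inventory.items():
        on_port = set()
        for raw in raws:
            try:
                on_port.add(normalize_mac(raw))
            except ValueError as exc:
                problems.append(f"{port}: {exc}")
        if len(on_port) > MAX_MAC_AUTH_PER_PORT:
            problems.append(f"{port}: {len(on_port)} MAC supplicants, limit is {MAX_MAC_AUTH_PER_PORT}")
        accounts |= on_port
    # Assumed FreeRADIUS "users" syntax: user name and password are both the MAC
    text = "\n".join(f'{m} Cleartext-Password := "{m}"' for m in sorted(accounts))
    return text, problems

# Constructed sample inventory (port names and addresses are made up)
SAMPLE_INVENTORY = {
    "GE1": ["00:20:AA:00:BB:CC", "0020.aa00.bbcc", "00-20-AA-00-BB-CD"],
    "GE2": ["01:00:5e:00:00:01", "0020aa00bb"],
}

if __name__ == "__main__":
    users, issues = build_radius_users(SAMPLE_INVENTORY)
    print(users)
    print("\n".join(issues))
```

Entries that differ only in case or separator style collapse to one account, so the same device recorded in two notations is not counted twice against the port limit.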