Security: 802.1X Authentication
Authenticator Overview
Cisco Small Business 200 Series Smart Switch Administration Guide 270
20
The following values are available:
• force-authorized
Port authentication is disabled and the port transmits all traffic in accordance with its static
configuration without requiring any authentication. The switch sends the 802.1x EAP-packet with the
EAP success message inside when it receives the 802.1x EAPOL-start message.
This is the default state.
• force-unauthorized
Port authentication is disabled and the port transmits all traffic via the guest VLAN and
unauthenticated VLANs. For more information see Defining Host and Session Authentication. The
switch sends 802.1x EAP packets with EAP failure messages inside when it receives 802.1x EAPOL-
Start messages.
• auto
Enables 802.1 x authentications in accordance with the configured port host mode and
authentication methods configured on the port.
Port Host Modes
Ports can be placed in the following port host modes (configured in the Security > 802.1X > Host and
Authentication page):
• Single-Host Mode
A port is authorized if there is an authorized client. Only one host can be authorized on a port.
When a port is unauthorized and the guest VLAN is enabled, untagged traffic is remapped to the
guest VLAN. Tagged traffic is dropped unless it belongs to the guest VLAN or to an unauthenticated
VLAN. If a guest VLAN is not enabled on the port, only tagged traffic belonging to the
unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from the authorized host is bridged based on
the static VLAN membership port configuration. Traffic from other hosts is dropped.
A user can specify that untagged traffic from the authorized host will be remapped to a VLAN that is
assigned by a RADIUS server during the authentication process. Tagged traffic is dropped unless it
belongs to the RADIUS-assigned VLAN or the unauthenticated VLANs. Radius VLAN assignment on a
port is set in the Security > 802.1X > Port Authentication page.
• Multi-Host Mode
A port is authorized if there is if there is at least one authorized client.
To Next Page
Loading...
Need help?
General