Security: 802.1X Authentication
802.1X Configuration Through the GUI
Cisco Small Business 200 Series Smart Switch Administration Guide 277
20
• Time Range—Enable a limit on the time that the specific port is authorized for use if 802.1x has been
enabled (Port -Based authentication is checked).
• Time Range Name—Select the profile that specifies the time range.
• Max Hosts—Enter the maximum number of authorized hosts allowed on the interface. Select either
Infinite for no limit or User Defined to set a limit.
NOTE Set this value to 1 to simulate single-host mode for web-based authentication in multi-sessions
mode.
• Quiet Period—Enter the number of seconds that the device remains in the quiet state following a
failed authentication exchange.
• Resending EAP—Enter the number of seconds that the device waits for a response to an Extensible
Authentication Protocol (EAP) request/identity frame from the supplicant (client) before resending the
request.
• Max EAP Requests—Enter the maximum number of EAP requests that can be sent. If a response is
not received after the defined period (supplicant timeout), the authentication process is restarted.
• Supplicant Timeout—Enter the number of seconds that lapses before EAP requests are resent to the
supplicant.
• Server Timeout—Enter the number of seconds that lapses before the device resends a request to
the authentication server.
STEP 4 Click Apply. The port settings are written to the Running Configuration file.
Defining Host and Session Authentication
The Host and Session Authentication page enables defining the mode in which 802.1X operates on the port
and the action to perform if a violation has been detected.
See Port Host Modes for an explanation of these modes.
To define 802.1X advanced settings for ports:
STEP 1 Click Security > 802.1XAuthentication > Host and Session Authentication.
802.1X authentication parameters are described for all ports. All fields except the following are described
in the Edit page.
• Number of Violations—Displays the number of packets that arrive on the interface in single-host
mode, from a host whose MAC address is not the supplicant MAC address.
To Next Page
Loading...
