C
HAPTER
13
| Security Measures
Configuring 802.1X Port Authentication
– 344 –
â—† The RADIUS server and 802.1X client support EAP. (The switch only
supports EAPOL in order to pass the EAP packets from the server to the
client.)
â—† The RADIUS server and client also have to support the same EAP
authentication type – MD5, PEAP, TLS, or TTLS. (Native support for
these encryption methods is provided in Windows 8, Windows 7, Vista,
and XP, and in Windows 2000 with Service Pack 4. To support these
encryption methods in Windows 95 and 98, you can use the AEGIS
dot1x client or other comparable client software)
CONFIGURING 802.1X
GLOBAL SETTINGS
Use the Security > Port Authentication (Configure Global) page to
configure IEEE 802.1X port authentication. The 802.1X protocol must be
enabled globally for the switch system before port settings are active.
CLI REFERENCES
â—† "802.1X Port Authentication" on page 645
PARAMETERS
These parameters are displayed:
◆ Port Authentication Status – Sets the global setting for 802.1X.
(Default: Disabled)
◆ EAPOL Pass Through – Passes EAPOL frames through to all ports in
STP forwarding state when dot1x is globally disabled.
(Default: Disabled)
When this device is functioning as intermediate node in the network
and does not need to perform dot1x authentication, EAPOL Pass
Through can be enabled to allow the switch to forward EAPOL frames
from other switches on to the authentication servers, thereby allowing
the authentication process to still be carried out by switches located on
the edge of the network.
When this device is functioning as an edge switch but does not require
any attached clients to be authenticated, EAPOL Pass Through can be
disabled to discard unnecessary EAPOL traffic.
◆ Identity Profile User Name – The dot1x supplicant user name.
(Range: 1-8 characters)
The global supplicant user name and password are used to identify this
switch as a supplicant when responding to an MD5 challenge from the
authenticator. These parameters must be set when this switch passes
client authentication requests to another authenticator on the network
(see "Configuring Port Supplicant Settings for 802.1X" on page 349).
◆ Set Password – Allows the dot1x supplicant password to be entered.
◆ Identity Profile Password – The dot1x supplicant password used to
identify this switch as a supplicant when responding to an MD5
challenge from the authenticator. (Range: 1-8 characters)
To Next Page
Loading...
Need help?
General