C
HAPTER
13
| Security Measures
Configuring 802.1X Port Authentication
– 346 –
clients through the remote authenticator (see "Configuring Port
Supplicant Settings for 802.1X" on page 349).
◆ This switch can be configured to serve as the authenticator on selected
ports by setting the Control Mode to Auto on this configuration page,
and as a supplicant on other ports by the setting the control mode to
Force-Authorized on this page and enabling the PAE supplicant on the
Supplicant configuration page.
PARAMETERS
These parameters are displayed:
◆ Port – Port number.
◆ Status – Indicates if authentication is enabled or disabled on the port.
The status is disabled if the control mode is set to Force-Authorized.
◆ Authorized – Displays the 802.1X authorization status of connected
clients.
■
Yes – Connected client is authorized.
■
N/A – Connected client is not authorized, or port is not connected.
◆ Supplicant – Indicates the MAC address of a connected client.
◆ Control Mode – Sets the authentication mode to one of the following
options:
■
Auto – Requires a dot1x-aware client to be authorized by the
authentication server. Clients that are not dot1x-aware will be
denied access.
■
Force-Authorized – Forces the port to grant access to all clients,
either dot1x-aware or otherwise. (This is the default setting.)
■
Force-Unauthorized – Forces the port to deny access to all
clients, either dot1x-aware or otherwise.
◆ Operation Mode – Allows single or multiple hosts (clients) to connect
to an 802.1X-authorized port. (Default: Single-Host)
■
Single-Host – Allows only a single host to connect to this port.
■
Multi-Host – Allows multiple host to connect to this port.
In this mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access.
Similarly, a port can become unauthorized for all hosts if one
attached host fails re-authentication or sends an EAPOL logoff
message.
To Next Page
Loading...
