C
HAPTER
13
| Security Measures
Configuring 802.1X Port Authentication
– 388 –
â—† When devices attached to a port must submit requests to another
authenticator on the network, configure the Identity Profile parameters
on the Configure Global page (see "Configuring 802.1X Global Settings"
on page 386) which identify this switch as a supplicant, and configure
the supplicant parameters for those ports which must authenticate
clients through the remote authenticator (see "Configuring Port
Supplicant Settings for 802.1X" on page 391).
â—† This switch can be configured to serve as the authenticator on selected
ports by setting the Control Mode to Auto on this configuration page,
and as a supplicant on other ports by the setting the control mode to
Force-Authorized on this page and enabling the PAE supplicant on the
Supplicant configuration page.
PARAMETERS
These parameters are displayed:
◆ Port – Port number.
◆ Status – Indicates if authentication is enabled or disabled on the port.
The status is disabled if the control mode is set to Force-Authorized.
◆ Authorized – Displays the 802.1X authorization status of connected
clients.
â–
Yes – Connected client is authorized.
â–
N/A – Connected client is not authorized, or port is not connected.
◆ Control Mode – Sets the authentication mode to one of the following
options:
â–
Auto – Requires a dot1x-aware client to be authorized by the
authentication server. Clients that are not dot1x-aware will be
denied access.
â–
Force-Authorized – Forces the port to grant access to all clients,
either dot1x-aware or otherwise. (This is the default setting.)
â–
Force-Unauthorized – Forces the port to deny access to all
clients, either dot1x-aware or otherwise.
◆ Operation Mode – Allows single or multiple hosts (clients) to connect
to an 802.1X-authorized port. (Default: Single-Host)
â–
Single-Host – Allows only a single host to connect to this port.
â–
Multi-Host – Allows multiple host to connect to this port.
In this mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access.
Similarly, a port can become unauthorized for all hosts if one
attached host fails re-authentication or sends an EAPOL logoff
message.
To Next Page
Loading...
Need help?
General
