13-2
Configuring Port-Based and User-Based Access Control (802.1X)
Overview
• Authentication of 802.1X access using a RADIUS server and either the
EAP or CHAP protocol.
• Provision for enabling clients that do not have 802.1 supplicant soft-
ware to use the switch as a path for downloading the software and
initiating the authentication process (802.1X Open VLAN mode).
• User-Based access control option with support for up to 32 authenti-
cated clients per-port.
• Port-Based access control option allowing authentication by a single
client to open the port. This option does not force a client limit and,
on a port opened by an authenticated client, allows unlimited client
access without requiring further authentication.
• Supplicant implementation using CHAP authentication and indepen-
dent user credentials on each port.
■ The local operator password configured with the password command for
management access to the switch is no longer accepted as an 802.1X
authenticator credential. The password port-access command configures
the local operator username and password used as 802.1X authentication
credentials for access to the switch. The values configured can be stored
in a configuration file using the include-credentials command. For infor-
mation about the password port-access command, see “Do These Steps
Before You Configure 802.1X Operation” on page 13-13.
■ On-demand change of a port’s configured VLAN membership status to
support the current client session.
■ Session accounting with a RADIUS server, including the accounting
update interval.
■ Use of Show commands to display session counters.
■ Support for concurrent use of 802.1X and either Web authentication or
MAC authentication on the same port.
■ For unauthenticated clients that do not have the necessary 802.1X suppli-
cant software (or for other reasons related to unauthenticated clients),
there is the option to configure an Unauthorized-Client VLAN. This mode
allows you to assign unauthenticated clients to an isolated VLAN through
which you can provide the necessary supplicant software and/or other
services you want to extend to these clients.
User Authentication Methods
The switch offers two methods for using 802.1X access control. Generally, the
“Port Based” method supports one 802.1X-authenticated client on a port,
which opens the port to an unlimited number of clients. The “User-Based”
To Next Page
Loading...
Need help?
General