Supplicant
Supplicant
Authenticator
switch
Authentication
server (RADIUS)
192.168.10.23
Configuration Examples
196
XS728T ProSAFE 28-Port 10-Gigabit L2+ Smart Switch
Sample 802.1x Configuration
This example shows how to configure the switch so that 802.1x-based authentication is
required on the ports in a corporate conference room (xg1–xg8). These ports are available to
visitors and need to be authenticated before they are granted access to the network. The
authentication is handled by an external RADIUS server. When the visitor is successfully
authenticated, traffic is automatically assigned to the guest VLAN. This example assumes
that a VLAN has been configured with a VLAN ID of 150 and VLAN name of Guest.
1. In the Port
Authentication screen, select ports xg1 through xg8.
2. From the Port Control list, select Auto.
The Port Control setting for all other ports where authentication is not needed must be
Authorized. When the Port Control setting is
Authorized, the port is unconditionally put in
a force-authorized state and does not require any authentication. When the Port Control
setting is Auto, the authenticator PAE sets the controlled port mode.
3. In the Guest VLAN field for ports xg1–xg8, enter 150 to assign these ports to the guest
VLAN.
You can configure more settings to control access to the network through the ports. See
Port Security on page 142 for information about the settings.
4. Click Apply.
5. In the 802.1x Configuration screen, set the port-based authentication state and guest VLAN
mode to Enable and click Apply
.
For more information, see Port Security on page 142.
This example uses the default values for the port authentication settings, but you can
configure several more settings. For example, the EAPOL Flood Mode field allows you to
enable the forwarding of EAPoL frames when 802.1x is disabled on the device.
6. In the RADIUS Server Configuration screen, configure a RADIUS server with the following
settings:
• Server Address. 192.168.10.23
• Secret Configured. Y
es
• Secret. secret123
To Next Page
Loading...
