Configuration Guide 802.1x Configuration
When a user has passed authentication (the switch has received success packets from the RADIUS Server), the user is
authorized and therefore can freely use network resources. If the user fails in the authentication and remains in the
unauthenticated status, it is possible to initiate authentication once again. If the communication between the switch and
the RADIUS server is faulty, the user is still unauthorized and therefore still cannot use the network.
When the user sends the EAPOL-LOGOFF packets, its status changes from authorized to unauthorized.
When a port of the switch changes to the LINK-DOWN status, all the users on the port change to be in the unauthorized
status.
When the device restarts, all users on the device turn into the unauthorized status.
To force a user to pass the authentication, you can add a static MAC address.
Topologies of Typical Applications
Scheme 1: The 802.1x-enabled device is used as the access layer device
Figure 0-3
This solution is described as below:
Requirements of this solution:
The user supports 802.1x. That is, it is installed with the 802.1x client (Windows XP carried, Star-supplicant or other
IEEE802.1x compliant client software).
The access layer device supports IEEE 802.1x.
One or multiple RADIUS compliant servers are available as the authentication server.
Key points for configuration of this solution:
To Next Page
Loading...
