Chapter 16 Port Authentication
GS3700/XGS3700 Series User’s Guide
189
The following table describes the labels in this screen.
16.2.2 Guest VLAN
When 802.1x port authentication is enabled on the Switch and its ports, clients that do not have the
correct credentials are blocked from using the port(s). You can configure your Switch to have one
VLAN that acts as a guest VLAN. If you enable the guest VLAN (10 2 in the example) on a port (2 in
the example), the user (A in the example) that is not IEEE 802.1x capable or fails to enter the
correct username and password can still access the port, but traffic from the user is forwarded to
the guest VLAN. That is, unauthenticated users can have access to limited network resources in the
same guest VLAN, such as the Internet. The rights granted to the Guest VLAN depends on how the
network administrator configures switches or routers with the guest network feature.
Table 79 Advanced Application > Port Authentication > 802.1x
LABEL DESCRIPTION
Active Select this check box to permit 802.1x authentication on the Switch.
Note: You must first enable 802.1x authentication on the Switch before configuring it on
each port.
Slot (Stacking
mode)
This field appears only in stacking mode. Click the drop-down list to choose the slot
number of the Switch in a stack.
Port (Standalone
or stacking mode)
This field displays the port number. In stacking mode, the first box field is the slot ID and
the second field is the port number.
* Settings in this row apply to all ports.
Use this row only if you want to make some settings the same for all ports. Use this row
first to set the common settings and then make adjustments on a port-by-port basis.
Note: Changes in this row are copied to all the ports as soon as you make them.
Active Select this checkbox to permit 802.1x authentication on this port. You must first allow
802.1x authentication on the Switch before configuring it on each port.
Max-Req Specify the number of times the Switch tries to authenticate client(s) before sending
unresponsive ports to the Guest VLAN.
This is set to 2 by default. That is, the Switch attempts to authenticate a client twice. I f
the client does not respond to the first authentication request, the Switch tries again. I f
the client still does not respond to the second request, the Switch sends the client to the
Guest VLAN. The client needs to send a new request to be authenticated by the Switch
again.
Reauth Specify if a subscriber has to periodically re-enter his or her username and password to
stay connected to the port.
Reauth-period Specify the length of tim e required to pass before a client has to re-enter his or her
username and password to stay connected to the port.
Quiet-period Specify the number of seconds the port remains in the HELD state and rejects further
authentication requests from the connected client after a failed authentication exchange.
Tx-period Specify the number of seconds the Switch waits for client’s response before re-sending
an identity request to the client.
Supp-Timeout Specify the number of seconds the Switch waits for client’s response to a challenge
request before sending another request.
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel Click Cancel to begin configuring this screen afresh.
To Next Page
Loading...
