Table of Contents
Advertisement
Security: 802.1X Authentication
Overview
Cisco 350XG & 550XG Series 10G Stackable Managed Switches
The port administrative state can be configured in the
The following values are available:
•
force-authorized
Port authentication is disabled and the port transmits all traffic in
accordance with its static configuration without requiring any
authentication. The switch sends the 802.1x EAP-packet with the EAP
success message inside when it receives the 802.1x EAPOL-start message.
This is the default state.
•
force-unauthorized
Port authentication is disabled and the port transmits all traffic via the guest
VLAN and unauthenticated VLANs. For more information see
Session
Authentication. The switch sends 802.1x EAP packets with EAP
failure messages inside when it receives 802.1x EAPOL-Start messages.
•
auto
Enables port authentications in accordance with the configured port host
mode and authentication methods configured on the port.
Port Host Modes
Ports can be placed in the following port host modes (configured in the
Session Authentication
•
Single-Host Mode
A port is authorized if there is an authorized client. Only one host can be
authorized on a port.
When a port is unauthorized and the guest VLAN is enabled, untagged
traffic is remapped to the guest VLAN. Tagged traffic is dropped unless it
belongs to the guest VLAN or to an unauthenticated VLAN. If a guest VLAN
is not enabled on the port, only tagged traffic belonging to the
unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from the authorized
host is bridged based on the static VLAN membership port configuration.
Traffic from other hosts is dropped.
page):
20
Port Authentication
Host and
Host and
page.
442
Hide quick links:
Advertisement
Table of Contents
