Authenticator Overview; Authentication Server - Cisco 300 Series Administration Manual

Security: 802.1X Authentication

Authenticator Overview

Authenticator Overview
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
See Port Host Modes
The following authentication methods are supported:
• 802. 1 x-based—Supported in all authentication modes.
• MAC-based—Supported in all authentication modes.
• WEB-based—Supported only in multi-sessions modes.
In 802. 1 x-based authentication, the authenticator extracts the EAP messages from
the 802. 1 x messages (EAPOL frames) and passes them to the authentication
server, using the RADIUS protocol.
With MAC-based or web-based authentication, the authenticator itself executes
the EAP client part of the software.

Authentication Server

An authentication server performs the actual authentication of the client. The
authentication server for the device is a RADIUS authentication server with EAP
extensions.
Port Administrative Authentication States
The port administrative state determines whether the client is granted access to
the network.
The port administrative state can be configured in the Security > 802. 1 X/MAC/
Web Authentication > Port Authentication page.
The following values are available:
• force-authorized
Port authentication is disabled and the port transmits all traffic in
accordance with its static configuration without requiring any
authentication. The switch sends the 802. 1 x EAP-packet with the EAP
success message inside when it receives the 802. 1 x EAPOL-start message.
This is the default state.
for more information.
19
383