Chapter 12 | Security Measures
Configuring 802.1X Port Authentication
◆ Re-authentication Status – Sets the client to be re-authenticated after the interval specified by the Re-authentication Period. Re-authentication can be used to detect if a new device is plugged into a switch port. (Default: Disabled)
◆ Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds)
◆ Re-authentication Max Retries – The maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. (Range: 1-10; Default: 2)
◆ Intrusion Action – Sets the port's response to a failed authentication.
  ■ Block Traffic – Blocks all non-EAP traffic on the port. (This is the default setting.)
  ■ Guest VLAN – All traffic for the port is assigned to a guest VLAN. The guest VLAN must be separately configured (See "Configuring VLAN Groups" on page 142) and mapped on each port (See "Configuring Network Access for Ports" on page 246).

Supplicant List
◆ Supplicant – MAC address of authorized client.

Authenticator PAE State Machine
◆ State – Current state (including initialize, disconnected, connecting, authenticating, authenticated, aborting, held, force_authorized, force_unauthorized).
◆ Reauth Count – Number of times connecting state is re-entered.
◆ Current Identifier – Identifier sent in each EAP Success, Failure or Request packet by the Authentication Server.

Backend State Machine
◆ State – Current state (including request, response, success, fail, timeout, idle, initialize).
◆ Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response.
◆ Identifier (Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server.
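
The status fields above can be polled and compared over time. The following is an added example, not taken from this manual or from the switch vendor: it compares two polls and flags ports that merit review. The dictionary layout, the `reauth_enabled` key and all sample values are assumptions constructed for illustration.

```python
# Added example. Field names follow the status fields on this page; the dict
# layout and every sample value below are constructed, not switch output.
PREVIOUS = {
    1: {"state": "authenticated", "backend": "idle", "reauth_count": 0,
        "supplicant": "00-11-22-33-44-55", "reauth_enabled": True},
    2: {"state": "connecting", "backend": "idle", "reauth_count": 1,
        "supplicant": None, "reauth_enabled": True},
    3: {"state": "authenticated", "backend": "idle", "reauth_count": 0,
        "supplicant": "00-11-22-33-44-66", "reauth_enabled": False},
}
CURRENT = {
    1: {"state": "authenticated", "backend": "idle", "reauth_count": 0,
        "supplicant": "00-AA-BB-CC-DD-EE", "reauth_enabled": True},
    2: {"state": "held", "backend": "fail", "reauth_count": 3,
        "supplicant": None, "reauth_enabled": True},
    3: {"state": "authenticated", "backend": "idle", "reauth_count": 0,
        "supplicant": "00-11-22-33-44-66", "reauth_enabled": False},
    4: {"state": "force_authorized", "backend": "idle", "reauth_count": 0,
        "supplicant": None, "reauth_enabled": False},
}

def review_ports(previous, current):
    """Compare two polls of {port: fields}; return (port, finding) pairs."""
    findings = []
    for port, now in sorted(current.items()):
        before = previous.get(port, {})
        state = now["state"]
        if state == "force_authorized":
            findings.append((port, "port is force_authorized: 802.1X not enforced"))
        elif state == "held":
            findings.append((port, "port is held after a failed authentication"))
        elif state == "authenticated" and not now["reauth_enabled"]:
            findings.append((port, "authenticated with re-authentication disabled"))
        if now["backend"] == "timeout":
            findings.append((port, "backend state machine timed out"))
        # Reauth Count counts re-entries into the connecting state.
        grew = now["reauth_count"] - before.get("reauth_count", 0)
        if grew > 0 and state != "authenticated":
            findings.append((port, f"reauth count rose by {grew} without success"))
        old, new = before.get("supplicant"), now["supplicant"]
        if old and new and old.lower() != new.lower():
            findings.append((port, f"supplicant changed from {old} to {new}"))
    return findings

if __name__ == "__main__":
    for port, finding in review_ports(PREVIOUS, CURRENT):
        print(f"port {port}: {finding}")
```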