| Security Measures
C
13
HAPTER
Configuring 802.1X Port Authentication
C
U
OMMAND
SAGE
◆
When the switch functions as a local authenticator between supplicant
devices attached to the switch and the authentication server, configure
the parameters for the exchange of EAP messages between the
authenticator and clients on the Authenticator configuration page.
◆
When devices attached to a port must submit requests to another
authenticator on the network, configure the Identity Profile parameters
on the Configure Global page (see
on page
392) which identify this switch as a supplicant, and configure
the supplicant parameters for those ports which must authenticate
clients through the remote authenticator (see
Port Supplicant Settings for 802.1X" on page
This switch can be configured to serve as the authenticator on selected
◆
ports by setting the Control Mode to Auto on this configuration page,
and as a supplicant on other ports by the setting the control mode to
Force-Authorized on this page and enabling the PAE supplicant on the
Supplicant configuration page.
P
ARAMETERS
These parameters are displayed:
Port – Port number.
◆
Status – Indicates if authentication is enabled or disabled on the port.
◆
The status is disabled if the control mode is set to Force-Authorized.
Authorized – Displays the 802.1X authorization status of connected
◆
clients.
Yes – Connected client is authorized.
■
N/A – Connected client is not authorized, or port is not connected.
■
Control Mode – Sets the authentication mode to one of the following
◆
options:
Auto – Requires a dot1x-aware client to be authorized by the
■
authentication server. Clients that are not dot1x-aware will be
denied access.
Force-Authorized – Forces the port to grant access to all clients,
■
either dot1x-aware or otherwise. (This is the default setting.)
Force-Unauthorized – Forces the port to deny access to all
■
clients, either dot1x-aware or otherwise.
Operation Mode – Allows single or multiple hosts (clients) to connect
◆
to an 802.1X-authorized port. (Default: Single-Host)
Single-Host – Allows only a single host to connect to this port.
■
Multi-Host – Allows multiple host to connect to this port.
■
– 394 –
"Configuring 802.1X Global Settings"
"Configuring
397).