Configuring 802.1X - Cisco 500 series Administration Manual

Configuring Security
Configuring 802. 1 X
STEP 4

Configuring 802.1X

Cisco 500 Series Stackable Managed Switch Administration Guide
• Action on Violation—Select an action to be applied to packets arriving on a
locked port. The options are:
- Discard—Discards packets from any unlearned source.
- Forward—Forwards packets from an unknown source without learning
the MAC address.
- Shutdown—Discards packets from any unlearned source, and shuts
down the port. The port remains shut down until reactivated, or until the
switch is rebooted.
• Trap—Select to enable traps when a packet is received on a locked port.
This is relevant for lock violations. For Classic Lock, this is any new address
received. For Limited Dynamic Lock, this is any new address that exceeds
the number of allowed addresses.
• Trap Frequency—Enter minimum time (in seconds) that elapses between
traps.
Click Apply. Port security is modified, and the Running Configuration file is
updated.
Port-based access control has the effect of creating two types of access on the
switch ports. One point of access enables uncontrolled communication,
regardless of the authorization state (uncontrolled port). The other point of access
authorizes communication between a host and the switch.
The 802. 1 x is an IEEE standard for port-based network access control. The 802. 1 x
framework enables a device (the supplicant) to request port access from a remote
device (authenticator) to which it is connected. Only when the supplicant
requesting port access is authenticated and authorized is it permitted to send
data to the port. Otherwise, the authenticator discards the supplicant data unless
the data is sent to a Guest VLAN and/or non-authenticated VLANs.
Authentication of the supplicant is performed by an external RADIUS server
through the authenticator. The authenticator monitors the result of the
authentication.
18
320