remote authenticator (see
page
330).
◆
This switch can be configured to serve as the authenticator on selected ports
by setting the Control Mode to Auto on this configuration page, and as a
supplicant on other ports by the setting the control mode to Force-Authorized
on this page and enabling the PAE supplicant on the Supplicant configuration
page.
Parameters
These parameters are displayed:
◆
Port – Port number.
◆
Status – Indicates if authentication is enabled or disabled on the port. The
status is disabled if the control mode is set to Force-Authorized.
◆
Authorized – Displays the 802.1X authorization status of connected clients.
Yes – Connected client is authorized.
■
N/A – Connected client is not authorized, or port is not connected.
■
◆
Supplicant – Indicates the MAC address of a connected client.
◆
Control Mode – Sets the authentication mode to one of the following options:
Auto – Requires a dot1x-aware client to be authorized by the
■
authentication server. Clients that are not dot1x-aware will be denied
access.
Force-Authorized – Forces the port to grant access to all clients, either
■
dot1x-aware or otherwise. (This is the default setting.)
Force-Unauthorized – Forces the port to deny access to all clients, either
■
dot1x-aware or otherwise.
◆
Operation Mode – Allows single or multiple hosts (clients) to connect to an
802.1X-authorized port. (Default: Single-Host)
■
Single-Host – Allows only a single host to connect to this port.
Multi-Host – Allows multiple host to connect to this port.
■
In this mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access. Similarly, a
port can become unauthorized for all hosts if one attached host fails re-
authentication or sends an EAPOL logoff message.
MAC-Based – Allows multiple hosts to connect to this port, with each host
■
needing to be authenticated.
Configuring 802.1X Port Authentication
"Configuring Port Supplicant Settings for 802.1X" on
– 327 –
Chapter 12
| Security Measures