Cisco 350 Series Administration Manual page 521

18 Security: 802.1X Authentication
Overview
Ports are set to authentication modes. See Port Host Modes for more information.
Authentication Server
An authentication server performs the actual authentication of the client. The authentication
server for the device is a RADIUS authentication server with EAP extensions.
Open Access
The Open (Monitoring) Access feature aids in separating real authentication failures from
failures caused by mis-configuration and/or lack of resources, in an 802.1x environment.
Open Access helps system administrators understand the configuration problems of hosts
connecting to the network, monitors bad situations and enables these problems to be fixed.
When Open Access is enabled on an interface, the switch treats all failures received from a
RADIUS server as successes and allows access to the network for stations connected to
interfaces regardless of authentication results.
Open Access changes the normal behavior of blocking traffic on a authentication-enabled port
until authentication and authorization are successfully performed. The default behavior of
authentication is still to block all traffic except Extensible Authentication Protocol over LAN
(EAPoL). However, Open Access provides the administrator with the option of providing
unrestricted access to all traffic, even though authentication (802.1X-Based, MAC-Based, and/
or WEB-Based) is enabled.
When RADIUS accounting is enabled, you can log authentication attempts and gain visibility
of who and what is connecting to your network with an audit trail.
All of this is accomplished with no impact on end users or on network-attached hosts. Open
Access can be activated in the Port Authentication page.
Port Authentication States
The port authentication state determines whether the client is granted access to the network.
The port administrative state can be configured in the Port Authentication page.
350 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4