Advertisement
802.1X
The 802.1X Port Authentication commands are:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
An authentication server must authenticate a client connected to an 802.1X switch port. Until the
authentication, only EAPOL (Extensible Authentication Protocol over LAN) traffic is allowed through
the port to which a client is connected. Once authentication is successful, normal traffic passes through
the port.
FTOS supports RADIUS and Active Directory environments using 802.1X Port Authentication.
Important Points to Remember
FTOS limits network access for certain users by using VLAN assignments. 802.1X with VLAN
assignment has these characteristics when configured on the switch and the RADIUS server.
•
•
•
•
debug dot1x
dot1x auth-type mab-only
dot1x authentication (Interface)
dot1x auth-fail-vlan
dot1x auth-server
dot1x guest-vlan
dot1x host-mode
dot1x mac-auth-bypass
dot1x max-eap-req
dot1x max-supplicants
dot1x port-control
dot1x quiet-period
dot1x reauthentication
dot1x reauth-max
dot1x server-timeout
dot1x supplicant-timeout
dot1x tx-period
show dot1x cos-mapping interface
show dot1x interface
802.1X is supported on C-Series, E-Series, and S-Series.
802.1X is not supported on the LAG or the channel members of a LAG.
If no VLAN is supplied by the RADIUS server or if 802.1X authorization is disabled, the port is
configured in its access VLAN after successful authentication.
If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not
valid, the port returns to the unauthorized state and remains in the configured access VLAN. This
prevents ports from appearing unexpectedly in an inappropriate VLAN due to a configuration
error. Configuration errors create an entry in Syslog.
8
802.1X | 189
Advertisement
