802.1x Authentication Protocol
IEEE 802.1x is a port-based network access protocol that provides an authentication mechanism
for devices that are physically attached to the network.
802.1x authentication is enabled only when you define a LAN or a DMZ network as a separate
network and a RADIUS server is defined.
Workflow:
1. Configure a RADIUS Server. See Managing Authentication Servers (on page 98).
2. Define it on the appliance.
3. Activate 802.1x authentication on a separate LAN interface (includes the DMZ when not used
as an internet connection), or a tag-based VLAN interface defined on one of the LAN physical
ports.
If you configure a physical switch (port-based VLAN) between multiple LAN ports, you cannot
activate the 802.1x protocol on this network. Replace the switch with a bridge configuration.
To enable 802.1x authentication on a separate LAN interface:
1. Go to Device > Local Network.
2. Select the LAN interface and click Edit.
The Edit window opens in the Configuration tab.
3. For Assigned to: select Separate network.
4. In the Advanced tab, select Activate 802.1x authentication.
5. Enter a time for Re-authentication frequency (in seconds).
6. Click Apply.
To enable 802.1x authentication on a tag-based VLAN interface:
1. Go to Device > Local Network.
2. Select the LAN and click New > VLAN.
The New VLAN window opens in the Configuration tab.
3. For Assigned to: select the LAN ID.
4. In the Advanced tab, select Activate 802.1x authentication.
5. Enter a time for Re-authentication frequency (in seconds).
6. Click Apply.
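To confirm from a packet capture that a port configured as above re-authenticates at the configured Re-authentication frequency, the following added example (not part of the Check Point guide) parses EAPOL frames, including 802.1Q-tagged ones seen on a VLAN interface, and measures the time between EAP-Success messages sent by the appliance. The MAC addresses, the 3600-second setting and the 5-second tolerance are constructed values, and it assumes each re-authentication round ends with an EAP-Success from the appliance.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes):
    """Return (source MAC, EAP code name) for an EAPOL EAP-Packet, else None."""
    # An 802.1Q tag (0x8100) shifts the EtherType by 4 bytes on VLAN interfaces.
    off = 16 if frame[12:14] == b"\x81\x00" else 12
    if len(frame) < off + 10 or frame[off:off + 2] != b"\x88\x8e":
        return None                      # too short, or not EAPOL (0x888E)
    _ver, ptype, body_len = struct.unpack_from("!BBH", frame, off + 2)
    code, _ident, eap_len = struct.unpack_from("!BBH", frame, off + 6)
    if ptype != 0 or not 4 <= eap_len <= body_len:
        return None                      # not an EAP-Packet, or bad lengths
    return frame[6:12].hex(":"), EAP_CODES.get(code, "Unknown")

def reauth_intervals(capture, authenticator_mac):
    """Seconds between consecutive EAP-Success frames from the authenticator."""
    times = [ts for ts, frame in capture
             if parse_eapol(frame) == (authenticator_mac, "Success")]
    return [b - a for a, b in zip(times, times[1:])]

def reauth_matches(capture, authenticator_mac, configured_s, tolerance_s=5.0):
    """True if every observed gap is within tolerance of the configured value."""
    gaps = reauth_intervals(capture, authenticator_mac)
    return bool(gaps) and all(abs(g - configured_s) <= tolerance_s for g in gaps)

def build_frame(src, code, data=b"", vlan=None):
    """Build a constructed EAPOL frame for the sample capture below."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    eap = struct.pack("!BBH", code, 1, 4 + len(data)) + data
    eapol = struct.pack("!HBBH", 0x888E, 2, 0, len(eap)) + eap
    return bytes.fromhex("0180c2000003" + src.replace(":", "")) + tag + eapol

# Constructed sample: (timestamp, frame) pairs; appliance set to 3600 s.
APPLIANCE, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [
    (0.0, build_frame(CLIENT, 2, b"\x01alice")),     # Response/Identity
    (0.5, build_frame(APPLIANCE, 3)),                 # initial EAP-Success
    (3600.5, build_frame(APPLIANCE, 3)),              # re-authentication
    (7201.5, build_frame(APPLIANCE, 3, vlan=10)),     # VLAN-tagged variant
]

if __name__ == "__main__":
    print(reauth_intervals(SAMPLE, APPLIANCE))        # [3600.0, 3601.0]
    print(reauth_matches(SAMPLE, APPLIANCE, 3600))    # True
```

A port that shows no EAP-Success frames at all, or gaps far longer than the configured value, is worth checking against the interface's Advanced tab settings.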
To disable 802.1x authentication on an interface:
1. Go to Device > Local Network.
2. Select the LAN interface and click Edit.
The Edit window opens in the Configuration tab.
3. Click the Advanced tab.
4. Clear Activate 802.1x authentication.
5. Click Apply.
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
Appliance Configuration