•
Port Based Authentication State — Permits port based authentication on the device. The possible
field values are:
–
Enable — Enables port based authentication on the device.
–
Disable — Disables port based authentication on the device.
•
Authentication Method — The Authentication method used. The possible field values are:
–
None — No authentication method is used to authenticate the port.
–
RADIUS — Port authentication is performed using the RADIUS server.
–
RADIUS, None — Port authentication is performed first using the RADIUS server. If the port is
not authenticated, then no authentication method is used, and the session is permitted.
•
Guest VLAN — Specifies whether the Guest VLAN is enabled on the device. The possible field
values are:
–
Enable — Enables using a Guest VLAN for unauthorized ports. If a Guest VLAN is enabled,
the unauthorized port automatically joins the VLAN selected in the VLAN List field.
–
Disable — Disables port-based authentication on the device. This is the default.
•
VLAN List — When Guest VLAN is enabled, this field specifies which VLAN the guest will belong to.
•
Interface — Contains an interface list.
•
User Name — The user name as configured in the RADIUS server.
•
Admin Interface Control — Defines the port authorization state. The possible field values are:
–
Authorized — Set the interface state to authorized (permit traffic).
–
Unauthorized — Set the interface state to unauthorized (deny traffic).
–
Auto — Authorize state is set by the authorization method.
•
Current Interface Control — The currently configured port authorization state.
•
Authentication Type — Specifies the type of authentication on the port. The possible field values are:
–
802.1x Only — Sets the authentication type to 802.1x based authentication only.
–
MAC Only — Sets the authentication type to MAC based authentication only.
–
802.1x & MAC — Sets the authentication type to 802.1x based authentication and MAC based
authentication.
•
Dynamic VLAN Assignment — Indicates whether dynamic VLAN assignment is enabled for this port.
This feature allows network administrators to automatically assign users to VLANs during the RADIUS
server authentication. When a user is authenticated by the RADIUS server, the user is automatically
joined to the VLAN configured on a RADIUS server.
–
Port Lock and Port Monitor should be disabled when DVA is enabled.
–
Dynamic VLAN Assignment (DVA) can occur only if a RADIUS server is configured, and port
authentication is enabled and set to 802.1x multi-session mode.
–
If the Radius Accept Message doesn't contain the supplicant's VLAN, the supplicant is rejected.
244
Configuring Device Information