What are the 802.1X Port States?
The 802.1X port state determines whether to allow or prevent network traffic
on the port. The 802.1X state of a port can be one of the following:
If the port is in the authorized state, the port sends and receives normal
traffic without client port-based authentication. When a port is in an
unauthorized state, it ignores supplicant authentication attempts and does
not provide authentication services to the client. By default, when 802.1X is
globally enabled on the switch, all ports are in automode, which means the
port will be unauthorized until a successful authentication exchange has
In addition to authorized, unauthorized, and automode, the 802.1X mode of
a port can be MAC based, as the following section describes.
Only MAC-Based and Automode actually use 802.1X to authenticate.
Authorized and Unauthorized modes are manual overrides.
What is MAC-Based 802.1X Authentication?
MAC-based authentication allows multiple supplicants connected to the
same port to each authenticate individually. For example, a PC attached to
the port might be required to authenticate in order to gain access to the
network, while a VoIP phone might not need to authenticate in order to send
voice traffic through the port.
The hosts are distinguished by their MAC addresses.
By default, all ports are in VLAN Access mode. A port that uses MAC-
based authentication should be configured to be in General mode.
When multiple hosts (for example, a PC, a printer, and a phone in the same
office) are connected to the switch on the same port, each of the connected
hosts authenticates separately with the RADIUS server.
Configuring 802.1X and Port-Based Security