How 802.1x port security works
BigIron RX devices support MD5-challenge, TLS, and any other EAP-encapsulated authentication
types in EAP Request/Response messages. In other words, the BigIron RX devices are transparent
to the authentication scheme used.
Authenticating multiple clients connected to the same port
BigIron RX devices support 802.1x authentication for ports with more than one Client connected to
them. Figure 124 illustrates a sample configuration where multiple Clients are connected to a
single 802.1x port.
FIGURE 124 Multiple clients connected to a single 802.1x-enabled port
[Figure labels: RADIUS Server (Authentication Server), 192.168.9.22; BigIron Device
(Authenticator), port e2/1; Hub; Clients/Supplicants running 802.1X-compliant client software]
If there are multiple Clients connected to a single 802.1x-enabled port, the BigIron RX
authenticates each of them individually. Each client's authentication status is independent of the
others, so that if one authenticated client disconnects from the network, it has no effect on the
authentication status of any of the other authenticated clients.
By default, traffic from clients that cannot be authenticated by the RADIUS server is dropped in
hardware. You can optionally configure the BigIron RX to assign the port to a "restricted" VLAN if
authentication of the Client is unsuccessful.
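The per-client behaviour described above, as an added Python model that is not BigIron RX code or part of the original guide. It assumes sessions are keyed by source MAC address, that a client with no session yet is dropped, and uses constructed VLAN numbers and MAC addresses.

```python
# Added illustrative model of per-client 802.1x state on one shared port.
# Assumptions: sessions keyed by source MAC; VLAN ids and MACs are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

EAPOL_ETHERTYPE = 0x888E  # IEEE 802.1X EAP over LAN
IPV4_ETHERTYPE = 0x0800


@dataclass
class Dot1xPort:
    data_vlan: int
    restricted_vlan: Optional[int] = None  # None models the default: drop
    sessions: Dict[str, str] = field(default_factory=dict)  # MAC -> verdict

    def radius_result(self, mac: str, accepted: bool) -> None:
        """Record the RADIUS server's verdict for this one client only."""
        self.sessions[mac] = "permit" if accepted else "deny"

    def disconnect(self, mac: str) -> None:
        """Remove one client's session; other clients are untouched."""
        self.sessions.pop(mac, None)

    def classify(self, src_mac: str, ethertype: int) -> str:
        """Forwarding decision for a frame received on the shared port."""
        if ethertype == EAPOL_ETHERTYPE:
            return "to-authenticator"  # the EAP exchange itself must get through
        verdict = self.sessions.get(src_mac)
        if verdict == "permit":
            return f"forward vlan {self.data_vlan}"
        if verdict == "deny" and self.restricted_vlan is not None:
            return f"forward vlan {self.restricted_vlan}"
        return "drop"  # failed client (default action) or no session yet


def demo() -> List[str]:
    """Three constructed clients behind a hub on one port, restricted VLAN 99."""
    a, b, c = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
    port = Dot1xPort(data_vlan=10, restricted_vlan=99)
    port.radius_result(a, True)
    port.radius_result(b, True)
    port.radius_result(c, False)   # rejected by the RADIUS server
    port.disconnect(a)             # a leaves; b and c keep their state
    return [port.classify(m, IPV4_ETHERTYPE) for m in (a, b, c)]


if __name__ == "__main__":
    print(demo())
```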
BigIron RX Series Configuration Guide
53-1001986-01