The Radius server chooses an EAP-supported authentication algorithm to verify the client's identity, and
sends an EAP-Request packet to the client via the switch authenticator. The client then replies to the Radius
server with an EAP-Response containing its credentials.
Upon a successful authentication of the client by the server, the 802.1x-controlled port transitions from
unauthorized to authorized state, and the client is allowed full access to services through the controlled
port. When the client later sends an EAPOL-Logoff message to the switch authenticator, the port transitions
from authorized to unauthorized state.
If a client that does not support 802.1x connects to an 802.1x-controlled port, the switch authenticator
requests the client's identity when it detects a change in the operational state of the port. The client does
not respond to the request, and the port remains in the unauthorized state.
When an 802.1x-enabled client connects to a port that is not 802.1x-controlled, the client
initiates the authentication process by sending an EAPOL-Start frame. When no response is
received, the client retransmits the request for a fixed number of times. If no response is received,
the client assumes the port is in authorized state, and begins sending frames, even if the port is
802.1x port states
The state of the port determines whether the client is granted access to the network, as follows:
Unauthorized—While in this state, the port discards all ingress and egress traffic except EAP
Authorized—When the client is authenticated successfully, the port transitions to the authorized state
allowing all traffic to and from the client to flow normally.
Force Unauthorized—You can configure this state that denies all access to the port.
Force Authorized—You can configure this state that allows full access to the port.
Use the 802.1x Global Configuration Menu (/cfg/l2/8021x/global) to configure 802.1x
authentication for all ports in the switch. Use the 802.1x Port Menu (/cfg/l2/8021x/port x) to
configure a single port.
Port-based Network Access and traffic control