Ubiquiti EdgeSwitch ES-24-250W Administration Manual page 210

EdgeSwitch Administration Guide
™
Field
Interface
PAE Capabilities
Authenticator Options – The fields in this section can be changed only when the selected port is configured as an authenticator port
(that is, the PAE Capabilities field is set to Authenticator).
Control Mode
Quiet Period
Transmit Period
Guest VLAN ID
Guest VLAN Period
Unauthenticated VLAN ID
Supplicant Timeout
Server Timeout
Maximum Requests
MAB Mode
Re-Authentication Period
Maximum Users
Ubiquiti Networks, Inc.
Port Access Control Port Configuration Fields
Description
The interface with the settings to view or configure. If you have been redirected to this page, this field
is read-only and displays the interface that was selected on the Port Access Control Port Summary page.
The Port Access Entity (PAE) role, which is one of the following:
• Authenticator The port enforces authentication and passes authentication information from
a remote supplicant (client or host) to the authentication server. If the server successfully
authenticates the supplicant, the port allows access.
• Supplicant The port is connected to an authenticator port and must be granted permission by
the authentication server before it can send and receive traffic through the remote port.
To change the PAE capabilities of a port, click the
setting from the drop-down box in the Set PAE Capabilities window.
The port-based access control mode on the port, which is one of the following:
• Auto The port is unauthorized until a successful authentication exchange has taken place.
• Force Unauthorized The port ignores supplicant authentication attempts and does not provide
authentication services to the client
• Force Authorized The port sends and receives normal traffic without client port-based
authentication.
• MAC-Based This mode allows multiple supplicants connected to the same port to each
authenticate individually. Each host connected to the port must authenticate separately in order
to gain access to the network. The hosts are distinguished by their MAC addresses.
The number of seconds that the port remains in the quiet state following a failed authentication
exchange.
The value, in seconds, of the timer used by the authenticator state machine on the port to determine
when to send an EAPOL EAP Request/Identity frame to the supplicant.
The VLAN ID of the guest VLAN. The guest VLAN allows the port to provide a distinguished service to
unauthenticated users. This feature is a mechanism to allow users to access hosts on the guest VLAN.
Click this button to set the Guest VLAN ID.
Click this button to reset the Guest VLAN ID to the default value.
The value, in seconds, of the timer used for guest VLAN authentication.
The VLAN ID of the unauthenticated VLAN. Hosts that fail the authentication might be denied
access to the network or placed on a VLAN created for unauthenticated clients. This VLAN might be
configured with limited network access.
Click this button to set the Unauthenticated VLAN ID.
Click this button to reset the Unauthenticated VLAN ID to the default value.
The amount of time that the port waits for a response before retransmitting an EAP request frame to
the client.
The amount of time the port waits for a response from the authentication server.
The maximum number of times that the port sends an EAP request frame (assuming that no response
is received) to the client before restarting the authentication process.
The MAC-based Authentication Bypass (MAB) mode on the port, which can be enabled or disabled.
The amount of time that clients can be connected to the port without being reauthenticated. If this
field is disabled, connected clients are not forced to reauthenticate periodically.
Click this button to set the Re-Authentication Period.
Click this button to reset the Re-Authentication Period to the default value.
The maximum number of clients supported on the port if the Control Mode on the port is MAC-Based
802.1X authentication.
Managing Device Security
button next to the field and select the desired
209