Configuring 802.1X Global Settings; Configuring Port Authenticator Settings For 802.1X - Edge-Core ECS3510-28T Management Manual

C 802.1X
ONFIGURING
G S
LOBAL ETTINGS
Each client that needs to be authenticated must have dot1X client
◆
software installed and properly configured.
The RADIUS server and 802.1X client support EAP. (The switch only
◆
supports EAPOL in order to pass the EAP packets from the server to the
client.)
The RADIUS server and client also have to support the same EAP
◆
authentication type – MD5, PEAP, TLS, or TTLS. (Native support for
these encryption methods is provided in Windows 8, 7, Vista and XP,
and in Windows 2000 with Service Pack 4. To support these encryption
methods in Windows 95 and 98, you can use the AEGIS dot1x client or
other comparable client software)
Use the Security > Port Authentication (Configure Global) page to
configure IEEE 802.1X port authentication. The 802.1X protocol must be
enabled globally for the switch system before port settings are active.
CLI R
EFERENCES
"802.1X Port Authentication" on page 840
◆
P
ARAMETERS
These parameters are displayed:
System Authentication Control – Sets the global setting for 802.1X.
◆
(Default: Disabled)
EAPOL Pass Through – Passes EAPOL frames through to all ports in
◆
STP forwarding state when dot1x is globally disabled.
(Default: Disabled)
When this device is functioning as intermediate node in the network
and does not need to perform dot1x authentication, EAPOL Pass
Through can be enabled to allow the switch to forward EAPOL frames
from other switches on to the authentication servers, thereby allowing
the authentication process to still be carried out by switches located on
the edge of the network.
When this device is functioning as an edge switch but does not require
any attached clients to be authenticated, EAPOL Pass Through can be
disabled to discard unnecessary EAPOL traffic.
Identity Profile User Name – The dot1x supplicant user name.
◆
(Range: 1-8 characters)
The global supplicant user name and password are used to identify this
switch as a supplicant when responding to an MD5 challenge from the
authenticator. These parameters must be set when this switch passes
client authentication requests to another authenticator on the network
(see "Configuring Port Supplicant Settings for 802.1X" on page
Set Password – Allows the dot1x supplicant password to be entered.
◆
– 385 –
| Security Measures
C 13
HAPTER
Configuring 802.1X Port Authentication
390).