Configuring Port-Based Access Control (802.1x)
Overview
Feature
Configuring Switch Ports as 802.1x Authenticators
Configuring Switch Ports to Operate as 802.1x Supplicants
Displaying 802.1x Configuration, Statistics, and Counters
How 802.1x Affects VLAN Operation
RADIUS Authentication and Accounting
Overview
Why Use Port-Based Access Control?
Local Area Networks are often deployed in a way that allows unauthorized
clients to attach to network devices, or allows unauthorized users to get
access to unattended clients on a network. Also, the use of DHCP services and
zero configuration makes access to networking services easily available. This
exposes the network to unauthorized use and malicious attacks. While access
to the network should be made easy, uncontrolled and unauthorized access is
usually not desirable. 802.1x provides access control along with the ability to
control user profiles from a central RADIUS server while allowing users
access from multiple points within the network.
General Features
802.1x on the Switch 2650 and 6108 includes the following:
• Switch operation as both an authenticator (for supplicants having a point-to-point connection to the switch) and as a supplicant for point-to-point connections to other 802.1x-aware switches.
• Authentication of 802.1x clients using a RADIUS server and either the EAP or CHAP protocol.
• Supplicant implementation using CHAP authentication and independent username and password configuration on each port.
• Prevention of traffic flow in either direction on unauthorized ports.
• Local authentication of 802.1x clients using the switch's local username and password (as an alternative to RADIUS authentication).
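| Feature | Default | Menu | CLI | Web |
|---|---|---|---|---|
| Configuring Switch Ports as 802.1x Authenticators | Disabled | n/a | page 5-10 | n/a |
| Configuring Switch Ports to Operate as 802.1x Supplicants | Disabled | n/a | page 5-17 | n/a |
| Displaying 802.1x Configuration, Statistics, and Counters | n/a | n/a | page 5-21 | n/a |
| How 802.1x Affects VLAN Operation | n/a | n/a | page 5-24 | n/a |
| RADIUS Authentication and Accounting | Refer to "RADIUS Authentication and Accounting" on page 3-1 | | | |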