Defining 802.1X Port Authentication
The Port Authentication page enables configuration of 802.1X parameters for each port. Since some of the configuration changes are only possible while the port is in Force Authorized state, such as host authentication, it is recommended that you change the port control to Force Authorized before making changes. When the configuration is complete, return the port control to its previous state.
NOTE A port with 802.1X defined on it cannot become a member of a LAG.
To define 802.1X authentication:
- Click Security > 802.1X > Port Authentication. The Port Authentication page displays.
This page displays authentication settings for all ports.
- Select a port, and click Edit. The Edit Port Authentication page displays.
- Enter the parameters.
  - Interface--Select a port.
  - User Name--Displays the username of the port.
  - Current Port Control--Displays the current port authorization state. If the state is Authorized, the port is either authenticated or the Administrative Port Control is Force Authorized. Conversely, if the state is Unauthorized, then the port is either not authenticated or the Administrative Port Control is Force Unauthorized.
  - Administrative Port Control--Select the Administrative Port Authorization state. The options are:
    - Force Unauthorized--Denies the interface access by moving the interface into the unauthorized state. The switch does not provide authentication services to the client through the interface.
    - Auto--Enables port-based authentication and authorization on the switch. The interface moves between the authorized and unauthorized states based on the authentication exchange between the switch and the client.
    - Force Authorized--Authorizes the interface without authentication.
  - Authentication Method--Select the authentication method for the port. The options are:
  - Periodic Reauthentication--Select to enable port re-authentication attempts after the specified Reauthentication Period.
  - Reauthentication Period--Enter the number of seconds after which the selected port is reauthenticated.
  - Reauthenticate Now--Select to enable immediate port re-authentication.
  - Authenticator State--Displays the defined port authorization state. The options are:
  - Quiet Period--Enter the number of seconds that the switch remains in the quiet state following a failed authentication exchange.
  - Resending EAP--Enter the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame from the supplicant (client) before resending the request.
  - Max EAP Requests--Enter the maximum number of EAP requests that can be sent. If a response is not received after the defined period (supplicant timeout), the authentication process is restarted.
  - Supplicant Timeout--Enter the number of seconds that elapse before EAP requests are resent to the supplicant.
  - Server Timeout--Enter the number of seconds that elapse before the switch resends a request to the authentication server.
  - Termination Cause--Displays the reason for which the port authentication was terminated, if applicable.
- Click Apply. The port settings are defined, and the Running Configuration file is updated.
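The procedure above has you set a port to Force Authorized while editing and then return it to its previous state; a port left in Force Authorized is authorized without authentication. The following added example (not part of the original guide) compares port-control snapshots recorded before and after a change window; the CSV layout, port names and function names are assumptions, not an export format of the switch.

```python
import csv
import io

# Constructed snapshots using the page's field names; the CSV layout is an
# assumption for illustration, not something the switch produces.
BEFORE = """Interface,Administrative Port Control
GE1,Auto
GE2,Auto
GE3,Force Unauthorized
GE4,Force Authorized
"""
AFTER = """Interface,Administrative Port Control
GE1,Auto
GE2,Force Authorized
GE3,Force Unauthorized
GE4,Force Authorized
GE5,Force Authorized
"""
VALID = {"Auto", "Force Authorized", "Force Unauthorized"}


def load(text):
    """Parse a snapshot into {interface: port control}, rejecting unknown states."""
    ports = {}
    for row in csv.DictReader(io.StringIO(text)):
        state = row["Administrative Port Control"].strip()
        if state not in VALID:
            raise ValueError(f"{row['Interface']}: unknown port control {state!r}")
        ports[row["Interface"].strip()] = state
    return ports


def audit(before_text, after_text):
    """Return (port, reason) for ports whose port control was not restored."""
    before, after = load(before_text), load(after_text)
    findings = []
    for port, state in sorted(after.items()):
        previous = before.get(port)
        if previous is None:  # port absent from the baseline snapshot
            if state == "Force Authorized":
                findings.append((port, "no baseline, Force Authorized"))
        elif state != previous:
            kind = "left Force Authorized" if state == "Force Authorized" else "changed"
            findings.append((port, f"{kind} (was {previous})"))
    return findings


if __name__ == "__main__":
    for port, reason in audit(BEFORE, AFTER):
        print(f"{port}: {reason}")
```

GE4 is not reported because it was already Force Authorized in the baseline; only deviations from the recorded previous state are flagged.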