Defining 802.1X Properties
The 802.1X Properties page is used to globally enable 802.1X and define how ports will be authenticated. For 802.1X to function, it must be activated both globally and individually on each port.
To define port-based authentication:
- Click Security > 802.1X > Properties. The 802.1X Properties page displays.
- Enter the parameters.
  - Port-Based Authentication--Enable or disable port-based, 802.1X authentication.
  - Authentication Method--Select the user authentication methods. The options are:
    - RADIUS, None--Perform port authentication first by using the RADIUS server. If no response is received from RADIUS (for example, if the server is down), then no authentication is performed, and the session is permitted. If the server is available but the user credentials are incorrect, access will be denied and the session terminated.
    - RADIUS--Authenticate the user on the RADIUS server. If no authentication is performed, the session is not permitted.
    - None--Do not authenticate the user. Permit the session.
  - Guest VLAN--Select to enable the use of a Guest VLAN for unauthorized ports. If a Guest VLAN is enabled, all unauthorized ports automatically join the VLAN selected in the Guest VLAN ID field. If a port is later authorized, it is removed from the Guest VLAN.
  - Guest VLAN ID--Select the guest VLAN from the list of VLANs.
  - Guest VLAN Timeout--Define a time period:
    - After linkup, if the software does not detect the 802.1X supplicant, or the authentication has failed, the port is added to the Guest VLAN only after the Guest VLAN timeout period has expired.
    - If the port state changes from Authorized to Not Authorized, the port is added to the Guest VLAN only after the Guest VLAN timeout has expired.
The VLAN Authentication Table displays all VLANs, and indicates whether authentication has been enabled on them.
- Click Apply. The 802.1X properties are modified, and the Running Configuration file is updated.
Configuring Unauthenticated VLANs
When a port is 802.1X-enabled, unauthorized ports or devices are not allowed to access a VLAN unless the VLAN is a Guest VLAN or an unauthenticated VLAN. You can make a static VLAN an unauthenticated VLAN by using the procedure in the Defining 802.1X Properties section, which allows both 802.1X authorized and unauthorized devices or ports to send or receive packets to or from that VLAN. You must manually add ports to VLANs by using the Port to VLAN page.
- Click Security > 802.1X > Properties. The 802.1X Properties page displays.
- Select a VLAN, and click Edit. The Edit VLAN Authentication page displays.
- Select a VLAN.
- Optionally, uncheck Authentication to make the VLAN an unauthenticated VLAN.
- Click Apply, and the Running Configuration file is updated.
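The settings described in both sections above can be reviewed for fail-open choices with a short script. This is an added example, not part of the switch software or its documentation; the dictionary layout, key names and severity labels are assumptions made for the example, and only the option names (RADIUS, None / RADIUS / None) come from the page.

```python
# Added example: review 802.1X Properties settings for fail-open choices.
# The dict layout and key names are hypothetical; the values mirror the
# fields on the 802.1X Properties and Edit VLAN Authentication pages.
# Severity labels are this example's own choice, not the vendor's.

def audit_dot1x(settings):
    """Return a list of (severity, message) findings for one switch."""
    findings = []
    if not settings.get("port_based_authentication", False):
        findings.append(("high", "Port-Based Authentication is disabled globally"))
    method = settings.get("authentication_method", "")
    if method == "None":
        findings.append(("high", "Authentication Method is None: every session is permitted"))
    elif method == "RADIUS, None":
        findings.append(("medium", "Authentication Method is RADIUS, None: sessions are "
                         "permitted without authentication when RADIUS does not respond"))
    elif method != "RADIUS":
        findings.append(("high", f"Unknown Authentication Method {method!r}"))
    vlan_auth = settings.get("vlan_authentication", {})
    guest_id = settings.get("guest_vlan_id") if settings.get("guest_vlan") else None
    if settings.get("guest_vlan") and guest_id not in vlan_auth:
        findings.append(("medium", "Guest VLAN is enabled but Guest VLAN ID is not a listed VLAN"))
    # The Guest VLAN is expected to carry unauthorized ports, so it is skipped here.
    for vlan_id, authenticated in sorted(vlan_auth.items()):
        if not authenticated and vlan_id != guest_id:
            findings.append(("medium", f"VLAN {vlan_id} is an unauthenticated VLAN: "
                             "unauthorized devices on member ports can use it"))
    return findings

# Constructed sample settings, not taken from a real device.
SAMPLE = {
    "port_based_authentication": True,
    "authentication_method": "RADIUS, None",
    "guest_vlan": True,
    "guest_vlan_id": 90,
    "guest_vlan_timeout": 30,
    "vlan_authentication": {1: True, 20: False, 90: True},
}

if __name__ == "__main__":
    for severity, message in audit_dot1x(SAMPLE):
        print(f"[{severity}] {message}")
```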