Defining Host and Session Authentication
The Host and Session Authentication page defines the mode in which 802.1X operates on a port and the action to perform if a violation is detected.
The 802.1X modes are:
- Single--Only a single authorized host can access the port. (Port Security cannot be enabled on a port in single-host mode.)
- Multiple Host (802.1X)--Multiple hosts can be attached to a single 802.1X-enabled port. Only the first host must be authorized, and then the port is open for all who want to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.
- Multiple Sessions--Enables a number of specific authorized hosts to access the port. Each host is treated as if it were the first and only user and must be authenticated. Filtering is based on the source MAC address.
To define 802.1X advanced settings for ports:
- Click Security > 802.1X > Host and Session Authentication. The Host and Session Authentication page displays.
802.1X authentication parameters are described for all ports. All fields except the following are described in the Edit Host and Session Authentication page.
- Status--Displays the host status. An asterisk indicates that the port is either not linked or is down. The options are:
  - Unauthorized--Either the port control is Force Unauthorized and the port link is down, or the port control is Auto but a client has not been authenticated via the port.
  - Force-Authorized--Clients have full port access.
  - Single-host Lock--Port control is Auto and only a single client has been authenticated by using the port.
  - No Single Host--Port control is Auto and Multiple Hosts mode is enabled. At least one client has been authenticated.
  - Not in Auto Mode--Auto port control is not enabled.
- Number of Violations--Displays the number of packets that arrive on the interface in single-host mode, from a host whose MAC address is not the supplicant MAC address.
- Select a port, and click Edit. The Edit Host and Session Authentication page displays.
- Enter the parameters.
NOTE The following fields are only relevant if you select Single in the Host Authentication field.
- Action on a (Single Host) Violation--Select the action to be applied to packets arriving in Single Session/Single Host mode, from a host whose MAC address is not the supplicant MAC address. The options are:
- Traps on Single Host Violation--Select to enable traps.
- Trap Frequency (on Single Host Violation)--Defines how often traps are sent to the host. This field can be defined only if multiple hosts are disabled.
- Click Apply. The settings are defined, and the Running Configuration file is updated.
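The three host modes and the Number of Violations counter described on this page can be compared with a small model. This is an added example, not vendor code or a switch API: the `Port` class, its methods and the MAC addresses are hypothetical, and it assumes a violation is counted only while a supplicant is authorized on the port.

```python
# Added illustration: simplified model of the port access decision in each
# 802.1X host mode. All names here are hypothetical, not switch commands.
from dataclasses import dataclass, field

SINGLE, MULTI_HOST, MULTI_SESSIONS = "single", "multiple-host", "multiple-sessions"

@dataclass
class Port:
    mode: str
    authorized: set = field(default_factory=set)  # MACs that passed 802.1X
    violations: int = 0                           # "Number of Violations"

    def authenticate(self, mac: str, success: bool) -> None:
        """Record the outcome of an 802.1X exchange for this MAC."""
        if not success:
            return self.logoff(mac)   # modelled the same way as a logoff
        if self.mode == SINGLE and self.authorized and mac not in self.authorized:
            return                    # only a single authorized host per port
        self.authorized.add(mac)

    def logoff(self, mac: str) -> None:
        """EAPOL-logoff: in multiple-host mode every attached client loses access."""
        if self.mode == MULTI_HOST:
            self.authorized.clear()
        else:
            self.authorized.discard(mac)

    def admits(self, src_mac: str) -> bool:
        """Would a data frame from src_mac be allowed onto the network?"""
        if self.mode == MULTI_HOST:
            return bool(self.authorized)   # open to all once one host is in
        if src_mac in self.authorized:
            return True                    # filtering on source MAC address
        if self.mode == SINGLE and self.authorized:
            self.violations += 1           # frame from a non-supplicant MAC
        return False

def replay(mode: str) -> tuple:
    """Constructed scenario: host A authenticates first, host B arrives later."""
    a, b = "00:11:22:33:44:0a", "00:11:22:33:44:0b"   # constructed MACs
    port = Port(mode)
    port.authenticate(a, True)
    piggyback = port.admits(b)        # B sends traffic before authenticating
    port.authenticate(b, True)        # B then presents valid credentials
    b_after_auth = port.admits(b)
    port.logoff(a)                    # A sends EAPOL-logoff
    return piggyback, b_after_auth, port.admits(b), port.violations
```

The first element of each result shows the difference that matters for access control: in multiple-host mode the second host is admitted without authenticating, while the other two modes reject it until it is authorized.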