The Properties page is used to globally enable port/device authentication. For authentication to function, it must be activated both globally and individually on each port.
To define port-based authentication, follow these steps:
Procedure
Step 1 | Click Security > 802.1X Authentication > Properties. |
Step 2 | Enter the parameters.
- Port-Based Authentication—Enable or disable port-based authentication.
- Authentication Method—Select the user authentication methods. The options are:
  - RADIUS, None—Perform port authentication first by using the RADIUS server. If no response is received from RADIUS, then no authentication is performed, and the session is permitted.
  - RADIUS—Authenticate the user on the RADIUS server. If no authentication is performed, the session isn’t permitted.
  - None—Don’t authenticate the user. Permit the session.
- Guest VLAN—Select to enable the use of a guest VLAN for unauthorized ports. If a guest VLAN is enabled, all unauthorized ports automatically join the VLAN selected in the Guest VLAN ID field. If a port is later authorized, it’s removed from the guest VLAN. The guest VLAN can be defined as a layer 3 interface (assigned an IP address) like any other VLAN. However, device management isn’t available via the guest VLAN IP address.
- Guest VLAN ID—Select the guest VLAN from the list of VLANs.
- Guest VLAN Timeout—Define a time period as either Immediate or enter a value in User Defined. This value is used as follows:
  - After linkup, if the software doesn’t detect the 802.1X supplicant, or the authentication has failed, the port is added to the guest VLAN only after the Guest VLAN timeout period has expired.
  - If the port state changes from Authorized to Not Authorized, the port is added to the guest VLAN only after the Guest VLAN timeout has expired.
- Trap Settings—To enable traps, select one or more of the following options:
  - 802.1x Authentication Failure Traps—Select to generate a trap if 802.1x authentication fails.
  - 802.1x Authentication Success Traps—Select to generate a trap if 802.1x authentication succeeds.
  - MAC Authentication Failure Traps—Select to generate a trap if MAC authentication fails.
  - MAC Authentication Success Traps—Select to generate a trap if MAC authentication succeeds.
  - Supplicant Authentication Failure Traps—Select to generate a trap if supplicant authentication fails.
  - Supplicant Authentication Success Traps—Select to generate a trap if supplicant authentication succeeds.
  - Web Authentication Failure Traps—Select to generate a trap if Web authentication fails.
  - Web Authentication Success Traps—Select to generate a trap if Web authentication succeeds.
  - Web Authentication Quiet Traps—Select to generate a trap if a quiet period commences.
The VLAN Authentication Table displays all VLANs, and indicates whether authentication has been enabled on them.
|
Step 3 | Click Apply. The 802.1X properties are written to the Running Configuration file.
To enable or disable authentication on a VLAN, click Edit, select the VLAN, and then select either Enable or Disable.
|
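A configuration check for the settings above, as an added example that is not part of the original guide: it reads a saved running configuration and reports where authentication is off globally, off on a port, or where the method ends in None so sessions can be permitted without RADIUS. The CLI keywords (`dot1x system-auth-control`, `aaa authentication dot1x default`, `dot1x port-control auto`), the function names, and the sample configuration are assumptions based on the Cisco small-business switch CLI; adjust them to your platform.

```python
import re

# Constructed sample running-config (not from the page); keywords assume the Cisco small-business CLI.
SAMPLE_CONFIG = """\
dot1x system-auth-control
aaa authentication dot1x default radius none
interface vlan 99
 dot1x guest-vlan
!
interface GigabitEthernet1
 dot1x port-control auto
!
interface GigabitEthernet2
 switchport mode access
!
"""

def parse_interfaces(config):
    """Return {interface name: [indented sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_dot1x(config):
    """Return findings for the global, method, and per-port settings."""
    findings = []
    top_level = [ln.strip() for ln in config.splitlines() if ln and not ln.startswith(" ")]
    if "dot1x system-auth-control" not in top_level:
        findings.append("global: port-based authentication is not enabled")
    for ln in top_level:
        m = re.fullmatch(r"aaa authentication dot1x default (.+)", ln)
        if m and m.group(1).split()[-1] == "none":
            findings.append(f"method '{m.group(1)}': sessions can be permitted without RADIUS authentication")
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):
            continue  # VLAN interfaces hold guest-VLAN settings, not port control
        if "dot1x port-control auto" not in cmds:
            findings.append(f"{name}: authentication not enabled on this port")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dot1x(SAMPLE_CONFIG)))
```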