The Host and Session Authentication page enables defining the mode in which 802.1X operates on the port and the action to perform if a violation has been detected.
To define 802.1X advanced settings for ports, complete the following steps:
Procedure
| Step 1 | Click Security > 802.1X Authentication > Host and Session Authentication.
The authentication parameters are described for all ports. All fields except the following are described in the Edit page.
|
| Step 2 | Select a port, and click Edit. |
| Step 3 | Enter the parameters.
-
Interface—Enter a port number for which host authentication is enabled.
-
Host Authentication—Select from one of the following modes.
-
Single Host—A port is authorized if there is an authorized client. Only one host can be authorized on a port.
-
Multiple Host (802.1x)—A port is authorized if there is if there is at least one authorized client.
-
Multiple Sessions—Unlike the single-host and multi-host modes, a port in the multi-session mode does not have an authentication status. This status is assigned to each client connected to the port.
Single Host Violation Settings—Can only be chosen if host authentication is Single Host.
-
Action on Violation—Select the action to be applied to packets arriving in Single Session/Single Host mode, from a host whose MAC address isn’t the supplicant MAC address. The options are:
-
Protect (Discard)—Discards the packets.
-
Restrict (Forward)—Forwards the packets.
-
Shutdown—Discards the packets and shuts down the port. The ports remain shut down until reactivated, or until the device is rebooted.
-
Traps—Select to enable traps.
-
Trap Frequency—Defines how often traps are sent to the host. This field can be defined only if multiple hosts are disabled.
|
| Step 4 | Click Apply. The settings are written to the Running Configuration file. |