802.1X
When a supplicant is connected to a switch port, the port issues an 802.1X authentication request to the attached supplicant. The supplicant replies with the given username and password, and an authentication request is then passed to a configured RADIUS server. The authentication server's user database supports Extensible Authentication Protocol (EAP), which allows particular VLAN memberships to be defined for each individual user. After authorization, the port connected to the authenticated supplicant becomes a member of the specified VLAN, and traffic is automatically assigned to that VLAN. The EAP authentication methods supported by the switch are EAP-MD5, EAP-PEAP, and EAP-CHAPv2.
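To make the exchange described above concrete, the following added example (not part of the vendor documentation) decodes the EAPOL/EAP messages that pass between the supplicant and the switch port, using the header layouts from IEEE 802.1X and RFC 3748. The frames, the user name alice and the helper names eapol() and eap() are constructed for illustration.

```python
import struct

# Type and code numbers from IEEE 802.1X (EAPOL) and RFC 3748 / IANA (EAP).
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 25: "PEAP", 26: "MSCHAPv2"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one EAPOL PDU (the payload that follows EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL length exceeds captured bytes")
    out = {"eapol": EAPOL_TYPES.get(ptype, f"unknown({ptype})"), "version": version}
    if ptype != 0:                       # Start/Logoff/Key carry no EAP packet
        return out
    if body_len < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > body_len:
        raise ValueError("bad EAP length")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2) and eap_len >= 5:  # only Request/Response have a Type byte
        mtype, data = body[4], body[5:eap_len]
        out["method"] = EAP_METHODS.get(mtype, f"type {mtype}")
        if mtype == 1 and code == 2:     # Response/Identity: name sent in cleartext
            out["identity"] = data.decode("utf-8", "replace")
        elif mtype == 4 and data:        # MD5-Challenge: 1-byte size, then value
            out["value"] = data[1:1 + data[0]].hex()
    return out

def eapol(ptype, eap_pkt=b""):           # hypothetical helper: build a sample PDU
    return struct.pack("!BBH", 1, ptype, len(eap_pkt)) + eap_pkt
def eap(code, ident, payload=b""):       # hypothetical helper: build an EAP packet
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

# Constructed EAP-MD5 exchange (not a real capture).
EXCHANGE = [
    eapol(0, eap(1, 1, b"\x01")),                         # port -> Request/Identity
    eapol(0, eap(2, 1, b"\x01alice")),                    # host -> Response/Identity
    eapol(0, eap(1, 2, b"\x04\x10" + bytes(range(16)))),  # challenge relayed from RADIUS
    eapol(0, eap(2, 2, b"\x04\x10" + bytes(16))),         # host -> MD5 response (dummy)
    eapol(0, eap(3, 2)),                                  # Success: port authorized
]
if __name__ == "__main__":
    for pdu in EXCHANGE:
        print(parse_eapol(pdu))
```

The decoded Response/Identity shows that the user name crosses the wire unencrypted before any EAP method is negotiated, which is worth keeping in mind when reading captures from an access port.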
Items | Descriptions |
State | Select whether authentication is Enabled or Disabled on the switch. |
Guest VLAN | Select whether Guest VLAN is Enabled or Disabled on the switch. The default is Disabled. |
Guest VLAN ID | Select the guest VLAN ID from the list of currently defined VLANs. |
Click Apply to update the system settings.
IEEE 802.1X port-based authentication provides a security standard for network access control with RADIUS servers and keeps a network port disconnected until authentication is completed. With 802.1X port-based authentication, the supplicant provides the required credentials, such as a username, password, or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification to the guest VLAN. If the authentication server determines the credentials are valid, the supplicant is allowed to access resources located on the protected side of the network.
From here, you can configure the port settings as they relate to 802.1X. First, select the mode you wish to use from the drop-down box. Next, choose whether to enable or disable re-authentication for the port. Enter the time spans for the Re-authentication Period, Quiet Period, and Supplicant Period. After this, enter the maximum number of times the switch should retransmit the EAP request. Finally, choose whether to enable or disable the Guest VLAN ID.
Click Edit to update the system settings.
Items | Descriptions |
Port | Displays the ports for which the 802.1X information is displayed. |
Mode | Select Auto, Force_UnAuthorized, or Force_Authorized mode from the list. |
Re-Authentication | Select whether port re-authentication is Enabled or Disabled. |
Re-authentication period | Enter the time span in which the selected port is re-authenticated. The default is 3600 seconds. |
Quiet Period | Enter the number of seconds that the device remains in the quiet state following a failed authentication exchange. The default is 60 seconds. |
Supplicant Period | Enter the amount of time that lapses before an EAP request is resent to the supplicant. The default is 30 seconds. |
Max Retry | Enter the maximum number of times that the switch retransmits an EAP request to the client before it times out the authentication session. The default is 2 times. |
Guest VLAN ID | Select whether guest VLAN ID is Enabled or Disabled. |
The Authenticated Host section displays the Authenticated Username, Port, Session Time, Authenticated Method, and Mac Address.
Click the Apply button to accept the changes or the Cancel button to discard them.