3Com NJ240FX Switch User Manual


 
42 CHAPTER 4: USING THE CENTRAL CONFIGURATION MANAGER
When the option is set to Disable 802.1X, all packets are processed as a normal
Ethernet switch; no 802.1X control applies.

With Standard 802.1X selected, control is enabled. Once the device is authorized,
the port it connects to is in the authorized state and all packets entering the port
are allowed to pass through.

When the Secure 802.1X option is selected, control is enabled. In addition, the
IntelliJack will check its ATU to determine if packets entering the port should be
forwarded. If the device is authorized, the IntelliJack will put the MAC address of
the device in the ATU and allow its packets to pass through. The NJ240FX will
block all other packets that don’t have the correct MAC address specified in the
ATU.

You can select the MAC address filter option if a client device does not support
802.1X and needs to connect to the network through the IntelliJack (e.g., a
network printer). In this case, you can manually add the device’s MAC address,
associated with the port, to the ATU, and packets from the network to this port will
be blocked unless their MAC addresses are listed in the ATU.

802.1X with IP Phone is a special case of 802.1X secure mode. In this mode, when
a 3Com IP phone is connected to the IntelliJack, the phone’s MAC address will be
locked into the ATU automatically. Therefore, packets sent from the phone can
pass through by default without further authentication. If 802.1X control is not
required, an IP phone can connect to a port with 802.1X disabled and voice traffic
will pass through without authentication.
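
The difference between these settings is easiest to see as a forwarding decision. The Python model below is an added illustration, not 3Com code or part of the manual. It encodes the Disable, Standard, Secure and IP Phone rules as stated above and shows that Standard 802.1X authorizes the port while Secure 802.1X authorizes one MAC address. The class and function names are hypothetical, the MAC addresses are constructed, and the MAC address filter option is left out.

```python
from dataclasses import dataclass, field
from enum import Enum

class Mode(Enum):
    DISABLED = "Disable 802.1X"
    STANDARD = "Standard 802.1X"
    SECURE = "Secure 802.1X"
    IP_PHONE = "802.1X with IP Phone"

@dataclass
class Port:
    mode: Mode
    authorized: bool = False               # set by a successful 802.1X exchange
    atu: set = field(default_factory=set)  # MACs held in the ATU for this port

    def authenticate(self, mac):
        """Record that the device with this MAC passed 802.1X authentication."""
        if self.mode is Mode.DISABLED:
            return                         # no 802.1X control on this port
        self.authorized = True
        if self.mode is not Mode.STANDARD:
            self.atu.add(mac.lower())      # secure modes pin the authorized MAC

    def lock_phone(self, mac):
        """IP Phone mode: the phone's MAC is locked into the ATU automatically."""
        if self.mode is Mode.IP_PHONE:
            self.atu.add(mac.lower())

    def forwards(self, src_mac):
        """Return True if a frame entering the port from src_mac is forwarded."""
        if self.mode is Mode.DISABLED:
            return True                    # behaves as a normal Ethernet switch
        if self.mode is Mode.STANDARD:
            return self.authorized         # port-level decision, MAC not checked
        return src_mac.lower() in self.atu # per-MAC decision against the ATU

def compare(authed_mac, other_mac):
    """Authenticate one device per mode, then test it and a second device."""
    out = {}
    for mode in (Mode.DISABLED, Mode.STANDARD, Mode.SECURE):
        port = Port(mode)
        port.authenticate(authed_mac)
        out[mode.name] = (port.forwards(authed_mac), port.forwards(other_mac))
    return out

LAPTOP, OTHER = "00:11:22:33:44:55", "66:77:88:99:AA:BB"  # constructed MACs

if __name__ == "__main__":
    for name, (first, second) in compare(LAPTOP, OTHER).items():
        print(f"{name:9} authenticated={first} second_device={second}")
```

In this model only the Secure setting rejects the second device once the first has authenticated, which is the reason to prefer it on ports where more than one device could be attached.
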
24 When 802.1X security is applied, authentication is required and reauthentication
is required at specific intervals. The IntelliJack disables reauthentication by default.
When reauthentication is enabled, the default period is 3600 seconds. You can
select an interval ranging from 10 to 65535 seconds. If you prefer that a
supplicant device authenticates itself on a frequent basis, you would choose a
small reauthentication interval. Likewise, you would increase the interval or disable
the function if you were not concerned about regular authentication of the
devices on your network.
25 When 802.1X is enabled in the NJ240FX, you have the ability to automatically
assign a port to a specific VID when a user connects and authenticates via that
port. This option depends on a RADIUS server being configured with user profiles,
including VID assignments. When this feature is enabled, the RADIUS server
effectively sends the user information to the NJ240FX, which is acting as its client.
NOTE: When a port has been assigned a VLAN ID automatically by the RADIUS
server, you will not be able to make any changes to the port's VLAN ID, its
VLAN mode, or any entries in the VLAN table to which this port is associated.