Configuring the Switch
3-66
3
Configuring 802.1X Global Settings
The 802.1X protocol provides port authentication. The 802.1X protocol must be
enabled globally for the switch system before port settings are active.
Command Attributes
802.1X System Authentication Control – Sets the global setting for 802.1X.
(Default: Disabled)
Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch,
and click Apply.
Figure 3-40 802.1X Global Configuration
CLI – This example enables 802.1X globally for the switch.
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the
authentication process that runs between the client and the switch (i.e.,
authenticator), as well as the client identity lookup process that runs between the
switch and authentication server. These parameters are described in this section.
Command Attributes
• Status – Indicates if authentication is enabled or disabled on the port.
(Default: Disabled)
• Operation Mode – Allows single or multiple hosts (clients) to connect to an
802.1X-authorized port. (Range: Single-Host, Multi-Host; Default: Single-Host)
• Max Count – The maximum number of hosts that can connect to a port when the
Multi-Host operation mode is selected. (Range: 1-1024; Default: 5)
• Mode – Sets the authentication mode to one of the following options:
- Auto – Requires a dot1x-aware client to be authorized by the authentication
server. Clients that are not dot1x-aware will be denied access.
- Force-Authorized – Forces the port to grant access to all clients, either
dot1x-aware or otherwise. (This is the default setting.)
- Force-Unauthorized – Forces the port to deny access to all clients, either
dot1x-aware or otherwise.
• Re-authentication – Sets the client to be re-authenticated after the interval
specified by the Re-authentication Period. Re-authentication can be used to detect
if a new device is plugged into a switch port. (Default: Disabled)
Console(config)#dot1x system-auth-control 4-79
Console(config)#