Allied Telesis AT-8100L/8POE Switch User Manual


 
Chapter 18: 802.1x Port-based Network Access
Overview
The 802.1x port-based network access control feature lets you control
who can send traffic through and receive traffic from the individual switch
ports. The switch does not allow an end node to send or receive traffic
through a port until the user of the node has been authenticated by a
RADIUS server.
This port-security feature is used to prevent unauthorized individuals from
connecting a computer to a switch port or using an unattended workstation
to access your network resources. Only those users designated as valid
network users on a RADIUS server are permitted to use the switch to
access the network.
This port security method uses the RADIUS authentication protocol. To
use the 802.1x port-based network access control feature, you must
configure RADIUS and add RADIUS servers to the switch. For more
information about RADIUS and its configuration, see Chapter 17,
“RADIUS and TACACS+ Clients” on page 199.
Note
RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication protocol for 802.1x port-based
network access control. This feature is not supported with the
TACACS+ authentication protocol.
The switch does not authenticate any end nodes connected to its ports. Its
function is to act as an intermediary between the end nodes or users and
the RADIUS authentication server during the authentication process.
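The intermediary role described above, as an added example (not from the Allied Telesis manual or firmware): the authenticator takes the EAP packet it received from the end node and carries it to the RADIUS server inside an Access-Request, using the EAP-Message and Message-Authenticator attributes of RFC 3579. The function names, shared secret and identity are assumptions constructed for illustration.

```python
import hashlib, hmac, os, struct

# Attribute numbers from RFC 2865 / RFC 3579
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80

def attr(atype, value):
    # type (1 byte), length (1 byte, header included), value
    return struct.pack("!BB", atype, len(value) + 2) + value

def eap_identity_response(identifier, identity):
    # EAP header: code 2 (Response), identifier, total length; then type 1 (Identity)
    return struct.pack("!BBHB", 2, identifier, 5 + len(identity), 1) + identity

def wrap_eap(eap, user, secret, pkt_id, request_auth):
    """Authenticator (switch) side: carry the supplicant's EAP packet to the server."""
    attrs = attr(USER_NAME, user)
    for i in range(0, len(eap), 253):      # one attribute value holds at most 253 bytes
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed while the HMAC is computed
    # RADIUS header: code 1 (Access-Request), identifier, length, Request Authenticator
    packet = struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + request_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac              # Message-Authenticator is the last attribute

def unwrap_eap(packet, secret):
    """Server side: check Message-Authenticator, then reassemble the EAP packet."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    pos, eap, mac, zeroed = 20, b"", None, bytearray(packet)
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        atype, end = packet[pos], pos + packet[pos + 1]
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:end]     # fragments are concatenated in order
        elif atype == MESSAGE_AUTHENTICATOR and end - pos == 18:
            mac = packet[pos + 2:end]
            zeroed[pos + 2:end] = bytes(16)
        pos = end
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if mac is None or not hmac.compare_digest(mac, expected):
        raise ValueError("missing or invalid Message-Authenticator")
    return eap

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values
    eap = eap_identity_response(7, b"alice@example.test")
    pkt = wrap_eap(eap, b"alice@example.test", secret, 42, os.urandom(16))
    print("EAP relayed intact:", unwrap_eap(pkt, secret) == eap)
```

The shared secret used for the HMAC is the one configured for the RADIUS server on the switch; a packet altered in transit or built with a different secret is rejected before the EAP payload is processed.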
Port Roles
Part of the task of implementing this feature is specifying the roles of the
ports on the switch. The roles are listed here:
None Role:
Switch ports in the none role do not participate in port-based access
control. They forward traffic without authenticating the clients of the
network devices. This is the default setting for the switch ports.
Note
A RADIUS authentication server cannot authenticate itself and must
communicate with the switch through a port that is set to the none
role.