Filter
Top Products
Chapter 12: 802.1x Network Access Control
170 Section I: Using the Menus Interface
server. Each client that attempts to access the network is uniquely
identified by the switch using the client's MAC address.
Force-unauthorized - Places the port in the unauthorized state,
ignoring all attempts by the client to authenticate. This port control
setting blocks all users from accessing the network through the port
and is similar to disabling a port and can be used to secure a port from
use. The port continues to forward EAPOL packets, but discards all
other packets, including multicast and broadcast packets.
Force-authorized - Disables IEEE 802.1x authentication and causes
the port to transition to the authorized state without any authentication
exchange required. The port transmits and receives normal traffic
without 802.1x-based authentication of the client. This is the default
setting. Use this port control setting for those ports where there are
network devices that are not to be authenticated.
Figure 46 illustrates the concept of the authenticator port control settings.
Figure 46. Example of the Authenticator Role
Port 2 is set to Auto. The end node connected to the port must use its
802.1x client software and provide a username and password to send
or receive traffic from the switch.
Port 8 is set to the Force-authorized setting so that the end node
connected to the port does not have to provide a user name or
password to send or receive traffic from the switch. In the example, the
node is the RADIUS authentication server. Since the server cannot
authenticate itself, its port must be set to Force-authorized in order for
it to pass traffic through the port.
Port 7 is set to Force-unauthorized to prevent anyone for using the
port.
793
AT-9000/24
24 Port Gigabit Ethernet Switch
1
3
57
9111315
17 1921R
23R
2 4 6 8 1012 14 1618 2022R24R
POWER
21 22
23 24
SFP
LINK ACT
1000
10/100
PORT ACTIVITY
RADIUS
Authentication
Server
Supplicant with
802.1x Client
Software
Port 2
802.1x Port Control
Setting: Auto
Port 17
802.1x Port Control:
Setting: Force-unauthorized
Port 20
802.1x Port Control:
Setting: Force-authorized