AT-GS950/16PS Switch Web Interface User’s Guide
271
802.1x authenticator role, in the unauthorized state. Although
the ports are in the authenticator role, the switch blocks all
authentication on the ports, which means that no clients can log
on and forward packets through them.
Auto: Sets the port to the 802.1X port-based authenticator role.
Ports begin in the unauthorized state, forwarding only EAPOL
frames, until a client has successfully logged on.
Forced Authorized: Sets a port to Forced-Authorized port
control. Ports that are set to the force-authorized state transition
to the authorized state without any authentication exchanges
required. The ports transmit and receive traffic normally without
802.1X based authentication of the clients.
Re-authentication Status: This parameter activates or de-
activates the reauthentication on the authenticator ports.
Enabled: Configures the port to activate reauthentication on the
authenticator ports. The clients must periodically reauthenticate
according to the time interval set with the Re-authentication
Period.
Disabled: Configures the port to remove reauthentication from
authenticator ports so that clients do not have to periodically
reauthenticate after the initial authentication. Reauthentication is
still required if there is a change to the status of the link between
a client and the switch or the switch is reset or power cycled.
Control Direction: The port authentication is set to “Both”
meaning both transmit and receive packets are affected. You
cannot change this parameter.
Supplicant Mode: This parameter specifies if one or more
supplicants can be authenticated on a port.
Single: The port is set to permit only one supplicant to log on
and forwards only the traffic of that supplicant. After one
supplicant has logged on, the port discards packets from any
other supplicant.
Multiple: The port is set to permit multiple clients on an
authenticator port. An authenticator mode forwards packets from
all clients once one client has successfully logged on.
Piggyback Mode: This mode is used in conjunction with the
Multiple Supplicant Mode. This mode is typically used in situations
where you want to add 802.1x port-based network access control
to a switch port that is supporting multiple clients, but do not want
to create individual accounts for all the clients on the RADIUS
server. After one client has successfully logged, the port permits
the other clients to piggy-back onto the initial client’s log on, so that
they can forward packets through the port without being