Filter
Top Products
40-2
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 40 Configuring 802.1X Port-Based Authentication
About 802.1X Port-Based Authentication
Until a client is authenticated, only Extensible Authentication Protocol over LAN (EAPOL) traffic is
allowed using the port to which the client is connected. After authentication succeeds, normal traffic can
pass using the port.
To configure 802.1X port-based authentication, you need to understand the concepts in these sections:
• Device Roles, page 40-2
• 802.1X and Network Access Control, page 40-3
• Authentication Initiation and Message Exchange, page 40-4
• Ports in Authorized and Unauthorized States, page 40-5
• 802.1X Host Mode, page 40-6
• 802.1X Violation Mode, page 40-8
• Using MAC Move, page 40-9
• Using MAC Replace, page 40-9
• Using 802.1X with VLAN Assignment, page 40-10
• Using 802.1X for Guest VLANs, page 40-11
• Using 802.1X with MAC Authentication Bypass, page 40-12
• Using 802.1X with Web-Based Authentication, page 40-14
• Using 802.1X with Inaccessible Authentication Bypass, page 40-14
• Using 802.1X with Unidirectional Controlled Port, page 40-15
• Using 802.1X with VLAN User Distribution, page 40-16
• Using 802.1X with Authentication Failed VLAN Assignment, page 40-17
• Using 802.1X with Port Security, page 40-19
• Using 802.1X Authentication with ACL Assignments and Redirect URLs, page 40-20
• Using 802.1X with RADIUS-Provided Session Timeouts, page 40-21
• Using 802.1X with Voice VLAN Ports, page 40-22
• Using Multiple Domain Authentication and Multiple Authentication, page 40-22
• 802.1X Supplicant and Authenticator Switches with Network Edge Access Topology, page 40-24
• How 802.1X Fails on a Port, page 40-25
• Supported Topologies, page 40-25
Device Roles
With 802.1X port-based authentication, network devices have specific roles. Figure 40-1 shows the role
of each device, which is described below.