Cisco Systems OL-16066-01 Network Router User Manual


 
K-181
User Guide for Cisco Security Manager 3.2
OL-16066-01
Appendix K Router Platform User Interface Reference
802.1x Policy Page

Interface
The trusted, physical interface that provides VPN access to authenticated traffic. Enter the name of an interface or interface role, or click Select to display an object selector (see Object Selectors, page F-593).
If the interface role you want is not listed, click the Create button in the selector to display the Interface Role Dialog Box, page F-464. From here you can create an interface role object.
Note: The pattern defined in the interface role must represent only one physical interface on the selected device. This interface should be the internal protected interface that you configured as part of the VPN topology. For more information, see Endpoints Page, page G-13.

Number of retries
The number of times the physical interface resends an Extensible Authentication Protocol (EAP) request/identity frame to a client that has not responded, before it restarts authentication.
Valid values range from 1 to 10. The default is 2.
Note: You should change the default only to adjust for unusual circumstances, such as unreliable links or specific problems with certain clients and authentication servers.

Control type
The control state of the interface, which determines whether the host is granted access to the network. Options are:
- Force Authorize—Disables 802.1x authentication and causes the interface to move to the authorized state without requiring any authentication exchange. This means the interface transmits and receives normal traffic without 802.1x-based authentication of the host. This is the default.
- Auto—Enables 802.1x authentication and causes the interface to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the interface. If a host is successfully authenticated, the interface state changes to authorized, which enables all frames from the host through the interface.

Enable client reauthentication
When selected, enables periodic reauthentication of client PCs on the 802.1x interface. Reauthentication is performed after the interval defined in the Client reauthentication period timeout field. The default period is 3600 seconds (1 hour).
When deselected, periodic reauthentication is not performed.
Table K-79 802.1x Page (Continued)
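
The following added example (not part of the Cisco guide, and not Security Manager code) audits one 802.1x policy against the constraints in this table: the interface role must resolve to exactly one physical interface, retries must be 1 to 10, and the default Force Authorize control type performs no authentication. The dictionary keys, the interface names, and the use of shell-style wildcards for role patterns are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Limits and defaults taken from the table above.
RETRIES_RANGE = range(1, 11)          # valid values are 1 to 10
DEFAULT_RETRIES = 2
DEFAULT_CONTROL = "force-authorize"   # the stated default control type


def audit_dot1x_policy(policy, device_interfaces):
    """Return (severity, message) findings for one 802.1x policy.

    Hypothetical keys: interface_pattern, retries, control_type,
    reauth_enabled, reauth_period.
    """
    findings = []

    # The role pattern must represent exactly one physical interface.
    # Assumption: patterns are matched as shell-style wildcards.
    matches = [name for name in device_interfaces
               if fnmatchcase(name, policy["interface_pattern"])]
    if len(matches) != 1:
        findings.append(("error", f"pattern matches {len(matches)} interfaces: {matches}"))

    retries = policy.get("retries", DEFAULT_RETRIES)
    if retries not in RETRIES_RANGE:
        findings.append(("error", f"retries={retries} is outside 1-10"))

    control = policy.get("control_type", DEFAULT_CONTROL)
    if control == "force-authorize":
        # Force Authorize skips the authentication exchange entirely.
        findings.append(("warning", "Force Authorize: hosts are not authenticated"))
    elif control == "auto":
        # Assumption: a missing reauth_enabled key means deselected.
        if not policy.get("reauth_enabled", False):
            findings.append(("warning", "periodic reauthentication is not performed"))
    else:
        findings.append(("error", f"unknown control type: {control}"))
    return findings


# Constructed sample data, not taken from a real device.
DEVICE_INTERFACES = ["FastEthernet0", "FastEthernet1", "Vlan1"]
WEAK = {"interface_pattern": "FastEthernet*", "retries": 12}
HARDENED = {"interface_pattern": "FastEthernet0", "retries": 2,
            "control_type": "auto", "reauth_enabled": True,
            "reauth_period": 3600}  # default period from the table

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_dot1x_policy(pol, DEVICE_INTERFACES))
```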