Filter
Top Products
8-12
Configuring Port-Based and Client-Based Access Control (802.1X)
General Operating Rules and Notes
3. Port A1 replies with an MD5 hash response based on its username and
password or other unique credentials. Switch “B” forwards this response
to the RADIUS server.
4. The RADIUS server then analyzes the response and sends either a “suc-
cess” or “failure” packet back through switch “B” to port A1.
• A “success” response unblocks port B5 to normal traffic from port A1.
• A “failure” response continues the block on port B5 and causes port
A1 to wait for the “held-time” period before trying again to achieve
authentication through port B5.
Note You can configure a switch port to operate as both a supplicant and an
authenticator at the same time.
General Operating Rules and Notes
■ In the client-based mode, when there is an authenticated client on a port,
the following traffic movement is allowed:
• Multicast and broadcast traffic is allowed on the port.
• Unicast traffic to authenticated clients on the port is allowed.
• All traffic from authenticated clients on the port is allowed.
■ When a port on the switch is configured as either an authenticator or
supplicant and is connected to another device, rebooting the switch
causes a re-authentication of the link.
■ Using client-based 802.1X authentication, when a port on the switch is
configured as an authenticator the port allows only authenticated clients
up to the currently configured client limit.
For clients that do not have the proper 802.1X supplicant software, the
optional 802.1X Open VLAN mode can be used to open a path for down-
loading 802.1X supplicant software to a client or to provide other services
for unauthenticated clients.
■ Using port-based 802.1X authentication, when a port on the switch is
configured as an authenticator, one authenticated client opens the
port. Other clients that are not running an 802.1X supplicant applica-
tion can have access to the switch and network through the opened