Filter
Top Products
U
SER
A
UTHENTICATION
3-61
certificate. The RADIUS server verifies the client credentials and responds
with an accept or reject packet. If authentication is successful, the switch
allows the client to access the network. Otherwise, network access is
denied and the port remains blocked.
The operation of dot1x on the switch requires the following:
• The switch must have an IP address assigned.
• RADIUS authentication must be enabled on the switch and the IP
address of the RADIUS server specified.
• Each switch port that will be used must be set to dot1x “Auto” mode.
• Each client that needs to be authenticated must have dot1x client
software installed and properly configured.
• The RADIUS server and 802.1x client support EAP. (The switch only
supports EAPOL in order to pass the EAP packets from the server to
the client.)
• The RADIUS server and client also have to support the same EAP
authentication type – MD5, TLS, TTLS, PEAP, etc. (Some clients have
native support in Windows, otherwise the dot1x client must support
it.)
Displaying 802.1x Global Settings
The dot1x protocol includes global parameters that control the client
authentication process that runs between the client and the switch (i.e.,
authenticator), as well as the client identity lookup process that runs
between the switch and authentication server. These parameters are
described in this section.
Command Attributes
• dot1x Re-authentication – Indicates if switch port requires a client to
be re-authenticated after a certain period of time.