C
ONFIGURING
THE
S
WITCH
3-70
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the
authentication process that runs between the client and the switch (i.e.,
authenticator), as well as the client identity lookup process that runs
between the switch and authentication server. These parameters are
described in this section.
Command Attributes
• Port – Port number.
• Status – Indicates if authentication is enabled or disabled on the port.
(Default: Disabled)
• Operation Mode – Allows single or multiple hosts (clients) to connect
to an 802.1X-authorized port. (Options: Single-Host, Multi-Host;
Default: Single-Host)
• Max Count – The maximum number of hosts that can connect to a
port when the Multi-Host operation mode is selected. (Range: 1-1024;
Default: 5)
• Mode – Sets the authentication mode to one of the following options:
- Auto – Requires a dot1x-aware client to be authorized by the
authentication server. Clients that are not dot1x-aware will be denied
access.
- Force-Authorized – Forces the port to grant access to all clients,
either dot1x-aware or otherwise. (This is the default setting.)
- Force-Unauthorized – Forces the port to deny access to all clients,
either dot1x-aware or otherwise.
• Re-authen – Sets the client to be re-authenticated after the interval
specified by the Re-authentication Period. Re-authentication can be
used to detect if a new device is plugged into a switch port.
(Default: Disabled)
• Max-Req – Sets the maximum number of times the switch port will
retransmit an EAP request packet to the client before it times out the
authentication session. (Range: 1-10; Default 2)