13
Configuring Port-Based and User-Based Access Control (802.1X)
Overview
Why Use Port-Based or User-Based Access Control?
Local Area Networks are often deployed in a way that allows unauthorized
clients to attach to network devices, or allows unauthorized users to get
access to unattended clients on a network. Also, the use of DHCP services and
zero configuration makes access to networking services easily available. This
exposes the network to unauthorized use and malicious attacks. While access
to the network should be made easy, uncontrolled and unauthorized access is
usually not desirable. 802.1X simplifies security management by providing
access control along with the ability to control user profiles from up to three
RADIUS servers, while allowing a given user to enter the same valid user
credentials for access from multiple points within the network.
General Features
802.1X on the switches covered in this guide includes the following:
■ Switch operation as both an authenticator (for supplicants having a
point-to-point connection to the switch) and as a supplicant for
point-to-point connections to other 802.1X-aware switches.
Feature                                                    Default   Menu  CLI         WebAgent
Configuring Switch Ports as 802.1X Authenticators          Disabled  n/a   page 13-17  n/a
Configuring 802.1X Open VLAN Mode                          Disabled  n/a   page 13-32  n/a
Configuring Switch Ports to Operate as 802.1X Supplicants  Disabled  n/a   page 13-51  n/a
Displaying 802.1X Configuration, Statistics, and Counters  n/a       n/a   page 13-55  n/a
How 802.1X Affects VLAN Operation                          n/a       n/a   page 13-69  n/a
RADIUS Authentication and Accounting                       Refer to chapter 6, “RADIUS Authentication, Authorization, and Accounting”