Configuring Port-Based and Client-Based Access Control (802.1X)
General Operating Rules and Notes
■ When there is an authenticated client on a port, the following traffic
movement is allowed:
• 5300xl switches with software release E.09.xx (client-based
authentication allowing up to 32 authenticated clients per port):
– Multicast and broadcast traffic is allowed on the port.
– Unicast traffic to authenticated clients on the port is allowed.
– All traffic from authenticated clients on the port is allowed.
(Refer to “5300xl Switches (with Software Release E.09.xx or
Greater)” on page 10-4.)
• 3400cl and 6400cl switches, and 5300xl switches with a software
release earlier than E.09.xx (port-based authentication): Opens the
port to any traffic from any client, unless port-security rules have been
applied to limit client access.
(Refer to “802.1X Port-Based Access Control on 3400cl/6400cl
Switches, and 5300xl Switches (with Software Release E.08.xx and
Earlier)” on page 10-4.)
■ When a port on the switch is configured as either an authenticator or
supplicant and is connected to another device, rebooting the switch
causes a re-authentication of the link.
■ When a port on the switch is configured as an authenticator:
• 3400cl and 6400cl switches, and 5300xl switches running a software
release earlier than E.09.xx: Allows authentication of a single client.
Note that if a client is authenticated on the port, then the port operates
in an unblocked mode until the authenticated client drops the link.
Refer to “802.1X Port-Based Access Control on 3400cl/6400cl
Switches, and 5300xl Switches (with Software Release E.08.xx and
Earlier)” on page 10-4.
• 5300xl switches running software release E.09.xx or greater: The port
allows only authenticated clients up to the currently configured client
limit (default = 1). Refer to “5300xl Switches (with Software Release
E.09.xx or Greater)” on page 10-4.
For clients that do not have the proper 802.1X supplicant software, the
optional 802.1X Open VLAN mode can be used to open a path for
downloading 802.1X supplicant software to a client or to provide other
services for unauthenticated clients. (Refer to “802.1X Open VLAN Mode”
on page 10-21.)
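The traffic rules above for an authenticator port, modelled as an added Python example (not code from this manual or from the switch software), to show how the same unauthenticated device is treated under port-based and client-based authentication. The class, method names and MAC addresses are constructed for illustration; the model assumes a port with no authenticated client passes no traffic, applies the multicast/broadcast rule to frames sent out the port, and leaves Open VLAN mode and port-security out.

```python
from dataclasses import dataclass, field

# Constructed sample MACs: one 802.1X client and one device without a supplicant.
ALICE, ROGUE = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac: str) -> bool:
    """True for broadcast/multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class AuthenticatorPort:
    """Hypothetical model of one authenticator port, built from the rules above."""
    client_based: bool      # True: 5300xl with E.09.xx or greater; False: port-based
    client_limit: int = 1   # client-based only: default 1, up to 32 per port
    authenticated: set = field(default_factory=set)

    def authenticate(self, mac: str) -> bool:
        """Record a client that passed 802.1X, enforcing the client limit."""
        limit = self.client_limit if self.client_based else 1  # port-based: single client
        if mac in self.authenticated:
            return True
        if len(self.authenticated) >= limit:
            return False
        self.authenticated.add(mac)
        return True

    def link_drop(self) -> None:
        """Port-based rule: the port stays unblocked until the client drops the link."""
        self.authenticated.clear()

    def allows(self, src: str, dst: str, inbound: bool) -> bool:
        """inbound=True means the frame arrives from a device attached to the port."""
        if not self.authenticated:
            return False    # assumption: nothing passes before a client authenticates
        if not self.client_based:
            return True     # port-based: open to any traffic from any client
        if inbound:
            return src in self.authenticated    # only authenticated sources
        return is_group(dst) or dst in self.authenticated
```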