Cisco Systems SRW248G4PK9NA User Manual

Security
Configuring 802.1X
Cisco Small Business 300 Series Managed Switch Administration Guide 
• Trap—Select to enable traps when a packet is received on a locked port. 
  This is relevant for lock violations. For Classic Lock, this is any new address 
  received. For Limited Dynamic Lock, this is any new address that exceeds 
  the number of allowed addresses. 
• Trap Frequency—Enter the minimum time (in seconds) that elapses between 
  traps. 
STEP 4  Click Apply. Port security is modified, and the Running Configuration file is 
updated.
Configuring 802.1X
Port-based access control has the effect of creating two types of access on the 
device ports. One type of access enables uncontrolled communication, 
regardless of the authorization state (uncontrolled port). The other type of access 
authorizes communication between a host and the device. 
802.1x is an IEEE standard for port-based network access control. The 802.1x 
framework enables a device (the supplicant) to request port access from a remote 
device (authenticator) to which it is connected. Only when the supplicant 
requesting port access is authenticated and authorized is it permitted to send 
data to the port. Otherwise, the authenticator discards the supplicant data unless 
the data is sent to a Guest VLAN and/or non-authenticated VLANs.
Authentication of the supplicant is performed by an external RADIUS server 
through the authenticator. The authenticator monitors the result of the 
authentication. 
In the 802.1x standard, a device can be a supplicant and an authenticator at a port 
simultaneously, requesting port access and granting port access. However, this 
device is only the authenticator, and does not take on the role of a supplicant. 
The following varieties of 802.1X exist:
• Single session 802.1X:
  - Single-session/single host—In this mode, the device, as an 
    authenticator, supports a single 802.1x session and grants permission to 
    use the port to the authorized supplicant. All access by other devices 
    received from the same port is denied until the authorized supplicant is 
    no longer using the port or the access is to the unauthenticated VLAN or 
    guest VLAN.
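
The per-frame decision described above for single-session/single-host mode, as an added example (a simplified model written for this page, not Cisco code and not the switch's implementation). The class and method names are hypothetical, and the VLAN IDs and MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

EAPOL_ETHERTYPE = 0x888E  # 802.1X authentication frames (EAP over LAN)

@dataclass
class SingleHostPort:
    """Simplified model of one authenticator port in single-host mode."""
    guest_vlan: Optional[int] = None                 # None = no guest VLAN configured
    unauthenticated_vlans: Set[int] = field(default_factory=set)
    authorized_mac: Optional[str] = None             # current authorized supplicant

    def radius_result(self, mac: str, accepted: bool) -> bool:
        """Apply the RADIUS outcome the authenticator observed for `mac`."""
        if not accepted:
            return False
        if self.authorized_mac not in (None, mac):
            return False          # single session: port already has a supplicant
        self.authorized_mac = mac
        return True

    def supplicant_left(self) -> None:
        """The authorized supplicant is no longer using the port."""
        self.authorized_mac = None

    def decide(self, src_mac: str, vlan: int, ethertype: int = 0x0800) -> str:
        """Classify one ingress frame: 'uncontrolled', 'forward' or 'discard'."""
        if ethertype == EAPOL_ETHERTYPE:
            return "uncontrolled"  # reaches the authenticator in any auth state
        if src_mac == self.authorized_mac:
            return "forward"
        if vlan == self.guest_vlan or vlan in self.unauthenticated_vlans:
            return "forward"       # the exceptions the text names
        return "discard"

def demo() -> list:
    # Constructed sample values: VLAN IDs and MAC addresses are made up.
    port = SingleHostPort(guest_vlan=99, unauthenticated_vlans={50})
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    out = [port.decide(a, 10)]                 # before authentication
    port.radius_result(a, True)
    out += [port.decide(a, 10), port.decide(b, 10), port.decide(b, 99)]
    out.append(port.radius_result(b, True))    # second session refused
    port.supplicant_left()
    out.append(port.radius_result(b, True))    # port free again
    return out

if __name__ == "__main__":
    print(demo())
```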