Cisco Cisco SF302-08PP 8-port 10 100 PoE+ Managed Switch Manual De Mantenimiento
Security: 802.1X Authentication
802.1X Configuration Through the GUI
447
Cisco 300 Series Managed Switches Administration Guide
19
-
Force Unauthorized—Denies the interface access by moving the
interface into the unauthorized state. The device does not provide
authentication services to the client through the interface.
interface into the unauthorized state. The device does not provide
authentication services to the client through the interface.
-
Auto—Enables port-based authentication and authorization on the
device. The interface moves between an authorized or unauthorized
state based on the authentication exchange between the device and the
client.
device. The interface moves between an authorized or unauthorized
state based on the authentication exchange between the device and the
client.
-
Force Authorized—Authorizes the interface without authentication.
•
RADIUS VLAN Assignment—Select to enable Dynamic VLAN assignment
on the selected port.
on the selected port.
-
Disable—Feature is not enabled.
-
Reject—If the RADIUS server authorized the supplicant, but did not
provide a supplicant VLAN, the supplicant is rejected.
provide a supplicant VLAN, the supplicant is rejected.
-
Static—If the RADIUS server authorized the supplicant, but did not
provide a supplicant VLAN, the supplicant is accepted.
provide a supplicant VLAN, the supplicant is accepted.
•
Guest VLAN—Select to indicate that the usage of a previously-defined
guest VLAN is enabled for the device. The options are:
guest VLAN is enabled for the device. The options are:
-
Selected—Enables using a guest VLAN for unauthorized ports. If a guest
VLAN is enabled, the unauthorized port automatically joins the VLAN
selected in the Guest VLAN ID field in the 802.1X Port Authentication
page.
After an authentication failure, and if guest VLAN is activated globally on
a given port, the guest VLAN is automatically assigned to the
unauthorized ports as an Untagged VLAN.
VLAN is enabled, the unauthorized port automatically joins the VLAN
selected in the Guest VLAN ID field in the 802.1X Port Authentication
page.
After an authentication failure, and if guest VLAN is activated globally on
a given port, the guest VLAN is automatically assigned to the
unauthorized ports as an Untagged VLAN.
-
Cleared—Disables guest VLAN on the port.
•
Open Access—Select to successfully authenticate the port even though
authentication fails. See
authentication fails. See
•
802.1X Based Authentication—802.1X authentication is the only
authentication method performed on the port.
authentication method performed on the port.
•
MAC Based Authentication—Port is authenticated based on the supplicant
MAC address. Only 8 MAC-based authentications can be used on the port.
MAC address. Only 8 MAC-based authentications can be used on the port.
NOTE
For MAC authentication to succeed, the RADIUS server supplicant
username and password must be the supplicant MAC address. The MAC
address must be in lower case letters and entered without the . or -
separators; for example: 0020aa00bbcc.
address must be in lower case letters and entered without the . or -
separators; for example: 0020aa00bbcc.