802.1X Authentication Configuration on ESW540 Series Switches

Fri, 07/08/2016 - 17:00
Apr 26th, 2016
Cisco Support Community

Article ID: 3159

Objective

802.1X Port Authentication enables configuration of 802.1X parameters for each port. A port that requests authentication is called a supplicant. An authenticator is a switch or an access point that acts as a network guard to supplicants and forwards authentication messages to the RADIUS server. Traps are network packets that contain data relating to a component of the system sending the trap.

This article explains how to configure 802.1X Authentication on the ESW540 Series Switches.

Applicable Devices

• ESW-540-8P-K9
• ESW-540-48-K9
• ESW-540-24P-K9
• ESW-540-24-K9

Software Version

• V2.1.21

802.1X Authentication

Step 1. Log in to the web configuration utility and choose Security > 802.1X > Authentication. The Authentication page opens:

The fields are defined as:

• Port — Specifies the port number for which authentication is configured.

• Host Authentication — Specifies the host authentication mode.

• Action on Violation — Specifies the action applied to packets received from a MAC address that is not the supplicant MAC address in single host mode.

• Traps — Specifies if traps are enabled.

• Trap Frequency — Specifies the interval at which traps are sent to the host.

Note: The Action on Violation, Traps and Trap Frequency fields apply only to single-host authentication.

• Status — Specifies the status of the host. The possible values are:

– Not in Auto Mode — Specifies that the port is not connected.

– Unauthorized — Specifies that either the port control is Force Authorized and the link is down, or the port control is Auto but clients are not authenticated.

– Force-Authorized — Specifies that the port control is authorized by force and the clients have full access to the ports.

– Single-host Lock — Specifies that the port control is Auto and only a single client has access to the ports.

– Multiple Hosts — Specifies that the port control is Auto and only a single client is authenticated, with multiple hosts enabled.

– Multiple Sessions — Specifies that the port control is Auto and at least a single client is authenticated, with multiple sessions enabled.

• Number of Violations — Specifies the number of packets received from a MAC address that is not the supplicant MAC address in single host mode.

Step 2. Click the Edit button for the port you want to modify. The Edit Host Authentication window appears:

Step 3. Choose the port to be modified from the Port drop-down list.

Step 4. Choose the mode of authentication from the Host Authentication drop-down list. The available options are:

• Single — Only a single authorized client has access to the ports.

• Multiple Host — Only a single client is authorized to access the ports but multiple hosts can be attached to the ports.

• Multi Session — A number of authorized clients can be authorized to access the ports. The clients are selected based on the source MAC address.

Note: The Action on Violation, Enable Traps and Trap Frequency options are not available with the Multiple Host and Multi Session authentication methods. They are available only if the Single host authentication method is chosen.

Step 5. Choose the action to be applied when packets are received from a MAC address which is not the supplicant MAC address, from the Action on Violation drop-down list. The available options are:

• Discard — Removes the packets.

• Forward — The received packets are forwarded.

• Shut Down — The packets are removed and the port is shut down until the device is reset or the port is reactivated.

Step 6. Check the Enable Traps check box to enable the traps for the authentication method.

Step 7. In the Trap Frequency field, enter the time between traps that are sent to the host.

Step 8. Click Apply.
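
The effect of the single-host settings chosen in Steps 4 to 7 can be seen in a small model. This is an added example, not Cisco code and not taken from the switch; it replays a constructed frame trace through one port for each Action on Violation option. The class and function names and the MAC addresses are hypothetical, and it assumes Trap Frequency is in seconds and acts as a minimum gap between traps.

```python
from dataclasses import dataclass, field
from typing import Optional

SUPPLICANT = "00:11:22:33:44:55"   # constructed sample addresses
OTHER = "66:77:88:99:aa:bb"
# Constructed trace: (time in seconds, source MAC) seen on one port.
FRAMES = [(0, SUPPLICANT), (1, OTHER), (2, OTHER), (12, OTHER), (13, SUPPLICANT)]

@dataclass
class SingleHostPort:
    supplicant_mac: str
    action: str                      # "Discard", "Forward" or "Shut Down"
    traps_enabled: bool = True
    trap_frequency: int = 10         # assumed: seconds, minimum gap between traps
    violations: int = 0              # the "Number of Violations" counter
    shut_down: bool = False
    traps: list = field(default_factory=list)
    last_trap: Optional[int] = None

    def receive(self, now, src_mac):
        if self.shut_down:
            return "port-down"       # stays down until reset or reactivated
        if src_mac == self.supplicant_mac:
            return "forwarded"
        self.violations += 1
        due = self.last_trap is None or now - self.last_trap >= self.trap_frequency
        if self.traps_enabled and due:
            self.traps.append((now, src_mac))
            self.last_trap = now
        if self.action == "Forward":
            return "forwarded"       # counted, but the frame still passes
        if self.action == "Shut Down":
            self.shut_down = True
        return "discarded"

def replay(action, frames=FRAMES):
    """Run the trace through a port and return (outcomes, violations, traps sent)."""
    port = SingleHostPort(SUPPLICANT, action)
    outcomes = [port.receive(t, mac) for t, mac in frames]
    return outcomes, port.violations, len(port.traps)

if __name__ == "__main__":
    for action in ("Discard", "Forward", "Shut Down"):
        print(action, replay(action))
```

In this model, Forward lets every frame from the non-supplicant address through, so the violation counter and the traps are the only record of it, while Shut Down also cuts off the legitimate supplicant until the port is brought back up.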