Security
Configuring 802. 1 X
Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
•
Current Port Control—Displays the current port authorization state. If the
state is Authorized, the port is either authenticated or the Administrative
Port Control is Force Authorized. Conversely, if the state is Unauthorized,
then the port is either not authenticated or the Administrative Port Control is
Force Unauthorized.
•
Administrative Port Control—Select the Administrative Port Authorization
state. The options are:
-
Force Unauthorized—Denies the interface access by moving the
interface into the unauthorized state. The device does not provide
authentication services to the client through the interface.
-
Auto—Enables port-based authentication and authorization on the
device. The interface moves between an authorized or unauthorized
state based on the authentication exchange between the device and the
client.
-
Force Authorized—Authorizes the interface without authentication.
•
RADIUS VLAN Assignment—Select to enable Dynamic VLAN assignment
on the selected port. Dynamic VLAN assignment is possible only when the
802. 1 X mode is set to Multiple Session. (After authentication, the port joins
the supplicant VLAN as an untagged port in that VLAN.)
•
Alternate VLAN Assignment—If RADIUS VLAN Assignment is enabled, you
can select one of the following options:
-
Enabled—Select an alternative VLAN that is used if the RADUS server
does not assign a VLAN.
-
Disabled—If the RADIUS server does not assign a VLAN, the
authentication fails.
•
Guest VLAN—Select to indicate that the usage of a previously-defined
Guest VLAN is enabled for the device. The options are:
-
Selected—Enables using a Guest VLAN for unauthorized ports. If a Guest
VLAN is enabled, the unauthorized port automatically joins the VLAN
selected in the Guest VLAN ID field in the 802. 1 X Port Authentication
page.
After an authentication failure, and if Guest VLAN is activated globally on
a given port, the guest VLAN is automatically assigned to the
unauthorized ports as an Untagged VLAN.
-
Cleared—Disables Guest VLAN on the port.
20
400