Chapter 10: 802.1x Port-based Network Access Control
132 Section I: Using the Menus Interface
Force-unauthorized - Places the port in the unauthorized state,
ignoring all attempts by the client to authenticate. This port control
setting blocks all users from accessing the network through the port.
It is similar to disabling a port and can be used to secure a port from
use. The port continues to forward EAPOL packets, but discards all
other packets, including multicast and broadcast packets.
Force-authorized - Disables IEEE 802.1x port-based authentication
and causes the port to transition to the authorized state without any
authentication exchange required. The port transmits and receives
normal traffic without 802.1x-based authentication of the client. This is
the default setting. Use this port control setting for those ports where
there are network devices that are not to be authenticated.
Figure 34 illustrates the concept of the authenticator port control settings.
Figure 34. Example of the Authenticator Role
Port 2 is set to Auto. The end node connected to the port must use its
802.1x client software and provide a username and password to send
or receive traffic from the switch.
Port 18 is set to the Force-authorized setting so that the end node
connected to the port does not have to provide a username or
password to send or receive traffic from the switch. In the example, the
node is the RADIUS authentication server. Since the server cannot
authenticate itself, its port must be set to Force-authorized in order for
it to pass traffic through the port.
Port 23 is set to Force-unauthorized to prevent anyone from using the
port.
[Figure 34 labels: RADIUS Authentication Server; Supplicant with 802.1x Client Software; Port 2, 802.1x Port Control Setting: Auto; Port 18, 802.1x Port Control Setting: Force-authorized; Port 23, 802.1x Port Control Setting: Force-unauthorized]
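Because Force-authorized is the default and passes traffic without authentication, it is worth checking a port inventory against the three settings described above. The following is an added example, not part of the original manual or the switch software; the CSV inventory format, the role names and the exempt_reason field are assumptions made for illustration.

```python
import csv
import io

SETTINGS = {"auto", "force-authorized", "force-unauthorized"}

# Constructed sample: ports 2, 18 and 23 mirror Figure 34; ports 7 and 12
# are invented to show the two misconfigurations the audit looks for.
SAMPLE = """port,setting,role,exempt_reason
2,Auto,workstation,
18,Force-authorized,radius-server,RADIUS server cannot authenticate itself
23,Force-unauthorized,unused,
7,Force-authorized,workstation,
12,Auto,radius-server,
"""

def audit(inventory_csv):
    """Return sorted (port, finding) pairs for ports whose 802.1x port
    control setting does not match the port's documented role."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        port = int(row["port"])
        setting = row["setting"].strip().lower()
        role = row["role"].strip().lower()
        reason = (row["exempt_reason"] or "").strip()
        if setting not in SETTINGS:
            findings.append((port, "unknown port control setting"))
        elif role == "radius-server" and setting != "force-authorized":
            # The server cannot authenticate itself, so any other setting
            # stops it from passing traffic through the port.
            findings.append((port, "RADIUS server port must be Force-authorized"))
        elif role == "unused" and setting != "force-unauthorized":
            findings.append((port, "unused port should be Force-unauthorized"))
        elif setting == "force-authorized" and not reason:
            # Default setting left in place: traffic flows with no 802.1x check.
            findings.append((port, "Force-authorized with no documented exemption"))
    return findings and sorted(findings)

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"port {port}: {finding}")
```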