Asante Technologies 40240/40480-10G 6-21

• Max Count – The maximum number o f hosts that can connect to a po rt when the

operation mode is set to Multi-Host. (Range: 1-1024; Default: 5)

• Mode – Sets the authentication mode to one of the following options:

- Auto – Requires a dot1x-aware cli ent to be autho riz ed by the authe ntication

server. Clients that are not dot1x-aware will be denied access.

- Force-Authorized – Forces the port to grant access to al l clients, eit her

dot1x-aware or otherwise. (This is the default setting.)

- Force-Unauthorized – Forces the port to deny acces s to all cli ents, eithe r

dot1x-aware or otherwise.

802.1X port authentication and port security (page 6-16) cannot be configured

together on the same port. Only one of these security mec han is m s can b e ap plie d.

802.1X port authentication cannot be configured on trunk ports. In othe r words, a

static or dynamically configured trunk cannot be set to Auto or Force-Unauthorized

mode.

When 802.1X authentication is enabled on a port, the MAC address learning

function for this interface is disabled, and the addresses dynamically learned on

this port are removed.

Authenticated MAC addresses are stored as dynamic entries in the switch’s secure

MAC address table. Configured static MAC addresses are ad ded to the se cure

address table when seen on a switch port. Static ad dresses are trea ted as

authenticated without sending a request to a RADIUS server.

When port status changes to down, all MAC addresses are cleared from the secure

MAC address table. Static VLAN assignments are n ot res tore d.

• Re-authentication – Sets the client to be re-authenticated af ter the in terval

specified by the Re-authentication Period. (Default: Disabled)

•

Max Request

– Sets the maximum number of times the switch port will retransmit

an EAP request packet to the client before it tim es out the aut hen ticatio n ses sion.

(Range: 1-10; Default 2)

• Quiet Period – Sets the time that a swi tc h port waits after the Max Re quest count

has been exceeded before attempting to acquire a new client. (Range: 1-65535

seconds; Default: 60 seconds)

• Re-authentication Period – Sets the time period after which a connected cli ent

must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds)

• TX Period – Sets the time period during an au thentication session that th e switch

waits before re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds)

• Authorized –

- Yes – Conn ected client is authoriz ed.

- No – Connec ted clien t is not author ized.

- Blank – Displays no thing wh en dot1 x is disabled o n a port.

• Sup plicant – Indicates the MAC address of a con nected cl ient.

• Trunk – Indicates if the port is configured as a trunk port.

6-21

Configuring 802.1X Port Authentication