Appendix K Router Platform User Interface Reference

802.1x Policy Page

Table K-79 802.1x Page (Continued)

Interface

The trusted, physical interface that provides VPN access to authenticated traffic. Enter the name of an interface or interface role, or click Select to display an object selector (see Object Selectors, page F-593).

If the interface role you want is not listed, click the Create button in the selector to display the Interface Role Dialog Box, page F-464. From here you can create an interface role object.

Note: The pattern defined in the interface role must represent only one physical interface on the selected device. This interface should be the internal protected interface that you configured as part of the VPN topology. For more information, see Endpoints Page, page G-13.

Number of retries

The number of times the physical interface resends an Extensible Authentication Protocol (EAP) request/identity frame to a client, if no response is received, before restarting authentication.

Valid values range from 1 to 10. The default is 2.

Note: You should change the default only to adjust for unusual circumstances, such as unreliable links or specific problems with certain clients and authentication servers.

Control type

The control state of the interface, which determines whether the host is granted access to the network. Options are:

Force Authorize—Disables 802.1x authentication and causes the interface to move to the authorized state without requiring any authentication exchange. This means the interface transmits and receives normal traffic without 802.1x-based authentication of the host. This is the default.

Auto—Enables 802.1x authentication and causes the interface to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the interface. If a host is successfully authenticated, the interface state changes to authorized, which allows all frames from the host to pass through the interface.

Enable client reauthentication

When selected, enables periodic reauthentication of client PCs on the 802.1x interface. Reauthentication is performed after the interval defined in the Client reauthentication period timeout field. The default period is 3600 seconds (1 hour).

When deselected, periodic reauthentication is not performed.

User Guide for Cisco Security Manager 3.2
OL-16066-01
K-181