Enhancements in Release F.05.05 through F.05.70

Enhancements in Release F.05.05 through F.05.60

Note that as an alternative, you can configure the switch to use local password authentication instead of RADIUS authentication. However, this is less desirable because it means that all clients use the same passwords and have the same access privileges. Also, you must use 802.1X supplicant software that supports the use of local switch passwords.

Caution

Ensure that you do not introduce a security risk by allowing Unauthorized-Client VLAN access to network services or resources that could be compromised by an unauthorized client.

Configuring General 802.1X Operation: These steps enable 802.1X authentication, and must be done before configuring 802.1X VLAN operation.

1.Enable 802.1X authentication on the individual ports you want to serve as authenticators. (The switch automatically disables LACP on the ports on which you enable 802.1X.) On the ports you will use as authenticators with VLAN Operation, ensure that the (default) port-control param- eter is set to auto. This setting requires a client to support 802.1X authentication (with 802.1X supplicant operation) and to provide valid credentials to get network access.

Syntax: aaa port-access authenticator e < port-list> control auto

Activates 802.1X port-access on ports you have configured as authenticators.

2.Configure the 802.1X authentication type. Options include:

Syntax: aaa authentication port-access < local eap-radius chap-radius >

Determines the type of RADIUS authentication to use.

local: Use the switch’s local username and password for supplicant authentication (the default).

eap-radiusUse EAP-RADIUS authentication. (Refer to the documentation for your RADIUS server.

chap-radiusUse CHAP-RADIUS (MD5) authentication. (Refer to the documentation for your RADIUS server software.)

51