Configuring Port-Based and User-Based Access Control (802.1X)

General Setup Procedure for 802.1X Access Control

3.Determine whether to use user-based access control (page 10-4) or port- based access control (page 10-5).

4.Determine whether to use the optional 802.1X Open VLAN mode for clients that are not 802.1X-aware; that is, for clients that are not running 802.1X supplicant software. (This will require you to provide download- able software that the client can use to enable an authentication session.) For more on this topic, refer to “802.1X Open VLAN Mode” on page 10-29.

5.For any port you want to operate as a supplicant, determine the user credentials. You can either use the same credentials for each port or use unique credentials for individual ports or subgroups of ports. (This can also be the same local username/password pair that you assign to the switch.)

6.Unless you are using only the switch’s local username and password for 802.1X authentication, configure at least one RADIUS server to authenti- cate access requests coming through the ports on the switch from external supplicants (including switch ports operating as 802.1X supplicants). You can use up to three RADIUS servers for authentication; one primary and two backups. Refer to the documentation provided with your RADIUS application.

10-16