Chapter 5 | Configuration Using the |
Enable Periodic Reauthentication Select the checkbox to permit periodic port reauthentication.
Setting Timer Click this button to open the Setting Timer screen to configure ports for 802.1x functionality.
Update If you click this button, your changes are saved and appear immediately in the screen’s Table section.
Table
This part of the 802.1x Settings screen displays a summary of the settings that appear in the Parameters section of the screen. If you click More Details, the settings described in the “Setting Timer” section are added to the table.
Click Save Settings to apply the changes, or Cancel Changes to cancel the changes.
Setting Timer
The Setting Timer screen appears when you click Setting Timer on the 802.1x Settings screen. You use the Setting Timer screen to configure a port’s 802.1x functionality.
Security > 802.1x Settings > Setting Timer Port Displays the port name.
Reauthentication Period Specifies the number of seconds after which a connected client must be reauthenticated. The range is 300 to 4294967295 seconds. The default value is 3600 seconds.
Quiet Period Specifies the time that a switch port waits after Max EAP Requests is exceeded before attempting to acquire a new client. The range is 1 to 65535 seconds. The default is 60 seconds.
Resending EAP Specifies the time that the switch waits for a response to an EAP request/identity frame from the client before retransmitting an EAP packet. The range is 1 to 65535 seconds. The default is 30 seconds.
Max EAP Requests Specifies the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. The range is 1 to 10 times. The default is 2 retries.
SupplicantTimeout Displays the number of seconds that lapses before EAP requests are resent to the supplicant.The range is 1 to 65535 seconds. The default is 30 seconds.
Server Timeout The number of seconds that lapses before the switch resends a request to the authentication server The range is 1 to 65535. The default is 30 seconds.
Click Save to save your changes and leave the screen open. Click Save & Close to save your changes and close the screen. Click Close to close the screen without saving your changes.
Security > Port Security
The Port Security screen is used to configure a port’s security settings.
Security > Port Security
Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. MAC addresses can be dynamically learned or statically configured.
Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a packet is received on a locked port, and the packet’s source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:
•Forwarded
•Discarded
•Cause the port to be shut down
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset.
29 |
