LevelOne GTL-2691 User Manual

Page 386

Chapter 13 | Security Measures

Configuring 802.1X Port Authentication

Control Mode – Sets the authentication mode to one of the following options:

Auto – Requires a dot1x-aware client to be authorized by the authentication server. Clients that are not dot1x-aware will be denied access.

Force-Authorized – Forces the port to grant access to all clients, either dot1x-aware or otherwise. (This is the default setting.)

Force-Unauthorized – Forces the port to deny access to all clients, either dot1x-aware or otherwise.

Operation Mode – Allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. (Default: Single-Host)

Single-Host – Allows only a single host to connect to this port.

Multi-Host – Allows multiple hosts to connect to this port. In this mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff message.

MAC-Based – Allows multiple hosts to connect to this port, with each host needing to be authenticated. In this mode, each host connected to a port needs to pass authentication. The number of hosts allowed access to a port operating in this mode is limited only by the available space in the secure address table (i.e., up to 1024 addresses).

Max Count – The maximum number of hosts that can connect to a port when the Multi-Host operation mode is selected. (Range: 1-1024; Default: 5)

Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default: 2)

Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds)

Tx Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds)

Supplicant Timeout – Sets the time that a switch port waits for a response to an EAP request from a client before re-transmitting an EAP packet. (Range: 1-65535; Default: 30 seconds)

This command attribute sets the timeout for EAP-request frames other than EAP-request/identity frames. If dot1x authentication is enabled on

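Added example (not part of the LevelOne manual): a small Python audit that checks per-port 802.1X settings against the ranges and defaults listed above, and flags ports left at Force-Authorized or running Multi-Host under Auto. The field names, port names and severity labels are assumptions made for this example; the ranges, defaults and mode behaviour come from the parameter descriptions on this page.

```python
# Added example: field names, port names and severity labels are hypothetical.
RANGES = {  # documented ranges from the parameter list above
    "max_count": (1, 1024), "max_request": (1, 10), "quiet_period": (1, 65535),
    "tx_period": (1, 65535), "supplicant_timeout": (1, 65535),
}
DEFAULTS = {  # documented defaults
    "control_mode": "force-authorized", "operation_mode": "single-host",
    "max_count": 5, "max_request": 2, "quiet_period": 60,
    "tx_period": 30, "supplicant_timeout": 30,
}
CONTROL_MODES = {"auto", "force-authorized", "force-unauthorized"}
OPERATION_MODES = {"single-host", "multi-host", "mac-based"}


def audit_port(name, settings):
    """Return (severity, message) findings for one port's 802.1X settings."""
    cfg = {**DEFAULTS, **settings}  # unset parameters fall back to defaults
    control, operation = cfg["control_mode"], cfg["operation_mode"]
    findings = []
    if control not in CONTROL_MODES:
        findings.append(("error", f"{name}: unknown control mode {control!r}"))
    elif control == "force-authorized":
        findings.append(("high", f"{name}: Force-Authorized admits all clients unauthenticated"))
    if operation not in OPERATION_MODES:
        findings.append(("error", f"{name}: unknown operation mode {operation!r}"))
    elif operation == "multi-host" and control == "auto":
        findings.append(("medium", f"{name}: one authenticated host opens the port "
                                   f"for up to {cfg['max_count']} hosts"))
    if "max_count" in settings and operation != "multi-host":
        findings.append(("info", f"{name}: Max Count only applies in Multi-Host mode"))
    for key, (low, high) in RANGES.items():
        value = cfg[key]
        if not isinstance(value, int) or not low <= value <= high:
            findings.append(("error", f"{name}: {key}={value!r} outside {low}-{high}"))
    return findings


# Constructed sample inventory, not taken from a real switch.
PORTS = {
    "port1": {},  # untouched port, all defaults
    "port2": {"control_mode": "auto", "operation_mode": "multi-host", "max_count": 8},
    "port3": {"control_mode": "auto", "operation_mode": "mac-based", "max_request": 12},
    "port4": {"control_mode": "auto"},
}

if __name__ == "__main__":
    for port, settings in PORTS.items():
        for severity, message in audit_port(port, settings) or [("ok", f"{port}: no findings")]:
            print(f"[{severity}] {message}")
```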