Mac / 802.1x precedence states – Enterasys Networks 1G58x-09 User Manual
Page 798
Working with Security Configurations
MAC Authentication Overview
14-116
Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide
If this situation, the switch immediately aborts MAC authentication. The 802.1X authentication
then proceeds to completion. After the 802.1X login completes, the user has either succeeded and
gained entry to the network, or failed and is denied access to the network. After the 802.1X login
attempt, no new MAC authentication logins occur on this port until:
•
A link is toggled.
•
The user executes an 802.1X logout.
•
Management terminates the 802.1X session.
When a port is set for concurrent use of MAC and 802.1X authentication, the switch continues to
issue EAPOL request/ID frames until a MAC authentication succeeds or the switch receives an
EAPOL response/ID frame.
further defines the precedence rules the Matrix E1 uses to determine which
authentication method has control over an interface.
NOTE: The switch may terminate a session in many different ways. All of these
reactivate the MAC authentication method. Refer to
for the precedence
relationship between MAC and 802.1X authentication.
Table 14-9
MAC / 802.1X Precedence States
802.1X
Port
Control
(EAPOL)
MAC
Port
Control
MAC
Authen-
ticated?
Default
Port
Policy
Exists?
PAP
Autho-
rized
Policy
Exists?
Action
Force
Authorized
Don’t
Care
Don’t
Care
Yes
Don’t
Care
•
Neither method performs
authentication.
•
Frames are forwarded according
to default policy.
Force
Authorized
Don’t
Care
Don’t
Care
No
Don’t
Care
•
Neither method performs
authentication.
•
Frames are forwarded.
Auto
Enabled
Yes
Don’t
Care
Yes
•
Hybrid authentication (both
methods are active).
•
Frames are forwarded according
to authorized policy.