beautypg.com

Configuring 802.1x global settings – LevelOne GTL-2691 User Manual

Page 384

background image

C

HAPTER

13

| Security Measures

Configuring 802.1X Port Authentication

– 384 –

Each client that needs to be authenticated must have dot1X client

software installed and properly configured.

The RADIUS server and 802.1X client support EAP. (The switch only

supports EAPOL in order to pass the EAP packets from the server to the

client.)

The RADIUS server and client also have to support the same EAP

authentication type – MD5, PEAP, TLS, or TTLS. (Native support for

these encryption methods is provided in Windows XP, and in Windows

2000 with Service Pack 4. To support these encryption methods in

Windows 95 and 98, you can use the AEGIS dot1x client or other

comparable client software)

C

ONFIGURING

802.1X

G

LOBAL

S

ETTINGS

Use the Security > Port Authentication (Configure Global) page to

configure IEEE 802.1X port authentication. The 802.1X protocol must be

enabled globally for the switch system before port settings are active.

CLI R

EFERENCES

"802.1X Port Authentication" on page 899

P

ARAMETERS

These parameters are displayed:

Port Authentication Status – Sets the global setting for 802.1X.

(Default: Disabled)

EAPOL Pass Through – Passes EAPOL frames through to all ports in

STP forwarding state when dot1x is globally disabled.

(Default: Disabled)
When this device is functioning as intermediate node in the network

and does not need to perform dot1x authentication, EAPOL Pass

Through can be enabled to allow the switch to forward EAPOL frames

from other switches on to the authentication servers, thereby allowing

the authentication process to still be carried out by switches located on

the edge of the network.
When this device is functioning as an edge switch but does not require

any attached clients to be authenticated, EAPOL Pass Through can be

disabled to discard unnecessary EAPOL traffic.

W

EB

I

NTERFACE

To configure global settings for 802.1X:

1.

Click Security, Port Authentication.

2.

Select Configure Global from the Step list.

3.

Enable 802.1X globally for the switch, and configure EAPOL Pass
Through if required. Then set the user name and password to use when

the switch responds an MD5 challenge from the authentication server.

See also other documents in the category LevelOne Routers: