3 802.1x system configuration – PLANET WGSD-8020 User Manual

User’s Manual of WGSD-8020

181

4.11.3 802.1X System Configuration

This page allows you to configure the IEEE 802.1X and MAC-based authentication system.

The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by

requiring users to first submit credentials for authentication. A central server, the RADIUS server, determines whether the user is

allowed access to the network.

MAC-based authentication

allows for authentication of more than one user on the same port, and doesn't require the user to

have special 802.1X software installed on his system. The Managed Switch uses the user's MAC address to authenticate

against the RADIUS server. Intruders can create counterfeit MAC addresses, which makes MAC-based authentication less

secure than 802.1X authentication.

The 802.1X System Configuration screen in

Figure 4-11-7

appears.

Figure 4-11-7

802.1X System Configuration page screenshot

The page includes the following fields:

Object

Description

•

Mode

Indicates if 802.1X and MAC-based authentication is globally enabled or disabled

on the switchstack. If globally disabled, all ports are allowed forwarding of

frames.

•

Reauthentication

Enabled

If checked, clients are reauthenticated after the interval specified by the

Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used

to detect if a new device is plugged into a switch port.

For MAC-based ports, reauthentication is only useful if the RADIUS server

configuration has changed. It does not involve communication between the

switch and the client, and therefore doesn't imply that a client is still present on a

port (see Age Period below).

•

Reauthentication

Determines the period, in seconds, after which a connected client must be