Configuring Security
Configuring 802. 1 X
Cisco 220 Series Smart Plus Switches Administration Guide Release 1.0.0.x
Authentication of the supplicant is performed by an external RADIUS server
through the authenticator. The authenticator monitors the result of the
authentication.
In the 802. 1 X standard, a device can be a supplicant and an authenticator at a port
simultaneously, requesting port access and granting port access. However, this
device is only the authenticator, and does not take on the role of a supplicant.
Guest VLAN
Guest VLAN
Guest VLAN provides access to services that do not require the subscribing
devices or ports to be 802. 1 X or MAC-Based authenticated and authorized.
The Guest VLAN, if configured, is a static VLAN with the following characteristics.
•
Must be manually defined from an existing static VLAN.
•
Is automatically available only to unauthorized devices or ports of devices
that are connected and Guest VLAN enabled.
•
If a port is Guest VLAN enabled, the switch automatically adds the port as
untagged member of the Guest VLAN when the port is not authorized, and
remove the port from the Guest VLAN when the first supplicant of the port
is authorized.
•
The Guest VLAN cannot be used as the voice VLAN.
Workflow to configure 802.1X
Workflow to configure 802.1X
Perform the following actions to configure 802. 1 X:
•
Gloablally enable port-based authentication on the switch. If needed,
enable Guest VLAN and specify the VLAN as the guest VLAN. See
Configuring 802.1X Properties
•
Configure 802. 1 X port-based authentication on each port. See
802.1X Port Authentication
•
View complete details of the authenticated hosts. See
Authenticated Hosts
for more details.
for more details.
for more details.
16
Configuring
Viewing
201