System information

Configuring Security

Configuring 802.1X

Cisco Small Business 200 Series Smart Switch Administration Guide 178

Authentication of the supplicant is performed by an external RADIUS server

through the authenticator. The authenticator monitors the result of the

authentication.

In the 802.1x standard, a device can be a supplicant and an authenticator at a port

simultaneously, requesting port access and granting port access. However, this

device is only the authenticator, and does not take on the role of a supplicant.

The following varieties of 802.1X exist:

• Single session 802.1X:

- A1 —Single-session/single host. In this mode, the switch, as an

authenticator supports one 802.1x session and grants permission to use

the port to the authorized supplicant at a port. All the access by the other

devices received from the same port are denied until the authorized

supplicant is no longer using the port or the access is to the

unauthenticated VLAN.

- Single session/multiple hosts—This follows the 802.1x standard. In this

mode, the switch as an authenticator allows any device to use a port as

long as it has been granted permission to a supplicant at the port.

• Multi-Session 802.1X—Every device (supplicant) connecting to a port

must be authenticated and authorized by the switch (authenticator)

separately in a different 802.1x session.

Authentication Methods

The authentication method can be:

• 802.1x—The switch supports the authentication mechanism as described

in the standard to authenticate and authorize 802.1x supplicants.

802.1X Parameters Workflow

Define the 802.1X parameters as follows:

6. Define 802.1X settings for each port by using the Edit Port Authentication Page.

7. Define host authentication parameters for each port using the Port

Authentication Page.

8. View 802.1X authentication history using the Authenticated Hosts Page.