General features

802.1X on the switches covered in this guide includes the following:

• Switch operation as both an authenticator (for supplicants having a point-to-point connection to the switch) and as a supplicant for point-to-point connections to other 802.1X-aware switches.

  • Authentication of 802.1X access using a RADIUS server and either the EAP or CHAP protocol.

  • Provision for enabling clients that do not have 802.1 supplicant software to use the switch as a path for downloading the software and initiating the authentication process (802.1X Open VLAN mode).

  • User-Based access control option with support for up to 32 authenticated clients per-port.

  • Port-Based access control option allowing authentication by a single client to open the port. This option does not force a client limit and, on a port opened by an authenticated client, allows unlimited client access without requiring further authentication.

  • Supplicant implementation using CHAP authentication and independent user credentials on each port.

• Prevention of traffic flow in either direction on unauthorized ports.

• Local authentication of 802.1X clients using the switch’s local username and password (as an alternative to RADIUS authentication).

• Temporary on-demand change of a port’s VLAN membership status to support a current client’s session. (This does not include ports that are members of a trunk.)

• Session accounting with a RADIUS server, including the accounting update interval.

• Use of show commands to display session counters.