General features

802.1X on the switches covered in this guide includes the following:

  • Switch operation as both an authenticator (for supplicants having a point-to-point connection to the switch) and as a supplicant for point-to-point connections to other 802.1X-aware switches.
    • Authentication of 802.1X access using a RADIUS server and either the EAP or CHAP protocol.

    • Provision for enabling clients that do not have 802.1X supplicant software to use the switch as a path for downloading the software and initiating the authentication process (802.1X Open VLAN mode).

    • User-Based access control option with support for up to 32 authenticated clients per port.

    • Port-Based access control option allowing authentication by a single client to open the port. This option does not enforce a client limit and, on a port opened by an authenticated client, allows unlimited client access without requiring further authentication.

    • Supplicant implementation using CHAP authentication and independent user credentials on each port.

  • Prevention of traffic flow in either direction on unauthorized ports.

  • Local authentication of 802.1X clients using the switch’s local username and password (as an alternative to RADIUS authentication).

  • Temporary on-demand change of a port’s VLAN membership status to support a current client’s session. (This does not include ports that are members of a trunk.)

  • Session accounting with a RADIUS server, including the accounting update interval.

  • Use of show commands to display session counters.
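
The difference between the User-Based and Port-Based options listed above decides whether an unauthenticated device sharing a port (for example, behind a hub) gains access once one client has authenticated. The following Python model is an added example, not switch firmware or vendor code; the class and function names, the per-MAC tracking, and the MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

USER_BASED_MAX = 32  # per-port client limit stated in the feature list


@dataclass
class AuthenticatorPort:
    """Hypothetical model of one authenticator port (not the switch's code)."""
    mode: str                                  # "user-based" or "port-based"
    client_limit: int = USER_BASED_MAX
    authenticated: set = field(default_factory=set)

    def authenticate(self, mac: str, credentials_ok: bool) -> bool:
        """Record the outcome of an 802.1X exchange for the client at `mac`."""
        if not credentials_ok:
            return False
        at_limit = (self.mode == "user-based"
                    and mac not in self.authenticated
                    and len(self.authenticated) >= self.client_limit)
        if at_limit:
            return False                       # assumed: extra clients are refused
        self.authenticated.add(mac)
        return True

    def forwards(self, mac: str) -> bool:
        """Would the port pass traffic from source address `mac`?"""
        if not self.authenticated:
            return False                       # unauthorized port blocks all traffic
        if self.mode == "port-based":
            return True                        # one authentication opened the port
        return mac in self.authenticated       # user-based: per-client decision


def piggyback_exposure(mode: str) -> bool:
    """True if a never-authenticated device on the same port gets access."""
    port = AuthenticatorPort(mode)
    port.authenticate("00:00:5e:00:53:01", credentials_ok=True)  # constructed MAC
    return port.forwards("00:00:5e:00:53:99")                    # constructed MAC


if __name__ == "__main__":
    for mode in ("user-based", "port-based"):
        print(f"{mode}: unauthenticated neighbour forwarded = "
              f"{piggyback_exposure(mode)}")
```
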