General features
802.1X on the switches covered in this guide includes the following:
- Switch operation as both an authenticator (for supplicants having a point-to-point connection to the switch) and as a supplicant for point-to-point connections to other 802.1X-aware switches.
- Authentication of 802.1X access using a RADIUS server and either the EAP or CHAP protocol.
- Provision for enabling clients that do not have 802.1X supplicant software to use the switch as a path for downloading the software and initiating the authentication process (802.1X Open VLAN mode).
- User-Based access control option with support for up to 32 authenticated clients per port.
- Port-Based access control option allowing authentication by a single client to open the port. This option does not enforce a client limit and, on a port opened by an authenticated client, allows unlimited client access without requiring further authentication.
- Supplicant implementation using CHAP authentication and independent user credentials on each port.
- Prevention of traffic flow in either direction on unauthorized ports.
- Local authentication of 802.1X clients using the switch's local username and password (as an alternative to RADIUS authentication).
- Temporary on-demand change of a port's VLAN membership status to support a current client's session. (This does not include ports that are members of a trunk.)
- Session accounting with a RADIUS server, including the accounting update interval.
- Use of show commands to display session counters.