ii
802.1X-related protocols ·································································································································· 84
Packet formats ········································································································································· 84
EAP over RADIUS ··································································································································· 85
802.1X authentication initiation ························································································································ 86
802.1X client as the initiator ····················································································································· 86
Access device as the initiator ··················································································································· 86
802.1X authentication procedures ··················································································································· 87
Comparing EAP relay and EAP termination ····························································································· 87
EAP relay ················································································································································· 88
EAP termination ······································································································································· 89
Configuring 802.1X ······················································································· 91
Access control methods ··································································································································· 91
802.1X VLAN manipulation ······························································································································ 91
Authorization VLAN ·································································································································· 91
Guest VLAN ············································································································································· 93
Auth-Fail VLAN ········································································································································ 94
Critical VLAN ············································································································································ 95
Critical voice VLAN ·································································································································· 97
Using 802.1X authentication with other features ····························································································· 98
ACL assignment ······································································································································· 98
Redirect URL assignment ························································································································ 98
EAD assistant ··········································································································································· 98
SmartOn ··················································································································································· 99
Configuration prerequisites ······························································································································ 99
802.1X configuration task list ························································································································· 100
Enabling 802.1X ············································································································································· 100
Enabling EAP relay or EAP termination ········································································································· 101
Setting the port authorization state ················································································································ 101
Specifying an access control method ············································································································ 102
Setting the maximum number of concurrent 802.1X users on a port ····························································· 102
Setting the maximum number of authentication request attempts ································································· 103
Setting the 802.1X authentication timeout timers ·························································································· 103
Configuring online user handshake ··············································································································· 103
Configuration restrictions and guidelines ······························································································· 104
Configuration procedure ························································································································· 104
Configuring the authentication trigger feature ································································································ 104
Configuration restrictions and guidelines ······························································································· 105
Configuration procedure ························································································································· 105
Specifying a mandatory authentication domain on a port ·············································································· 105
Setting the quiet timer ···································································································································· 106
Configuring 802.1X reauthentication ·············································································································· 106
Overview ················································································································································ 106
Configuration restrictions and guidelines ······························································································· 106
Configuring 802.1X periodic reauthentication ························································································ 107
Configuring 802.1X manual reauthentication ························································································· 107
Enabling the keep-online feature ··········································································································· 107
Configuring an 802.1X guest VLAN ··············································································································· 108
Configuration restrictions and guidelines ······························································································· 108
Configuration prerequisites ···················································································································· 108
Configuration procedure ························································································································· 109
Enabling 802.1X guest VLAN assignment delay ··························································································· 109
Configuring an 802.1X Auth-Fail VLAN ········································································································· 109
Configuration restrictions and guidelines ······························································································· 109
Configuration prerequisites ···················································································································· 110
Configuration procedure ························································································································· 110
Configuring an 802.1X critical VLAN ·············································································································· 110
Configuration restrictions and guidelines ······························································································· 111
Configuration prerequisites ···················································································································· 111
Configuration procedure ························································································································· 111
Enabling the 802.1X critical voice VLAN ········································································································ 112
Configuration restrictions and guidelines ······························································································· 112