Use the Port Access Control Port Configuration page to enable and configure port access control on one or more ports.
To access this page, click
in the navigation menu.Use the buttons to perform the following tasks:
Field | Description |
---|---|
Interface | The interface with the settings to view or configure. If you have been redirected to this page, this field is read-only and displays the interface that was selected on the Port Access Control Port Summary page. |
PAE Capabilities | The Port Access Entity (PAE) role, which is one of the
following:
To change the PAE capabilities of a port, click the Edit icon associated with the field and select the desired setting from the menu in the Set PAE Capabilities window. |
Authenticator Options | The fields in this section can be changed only when the selected port is configured as an authenticator port (that is, the PAE Capabilities field is set to Authenticator). |
Control Mode | The port-based access control mode on the port, which is
one of the following:
|
Quiet Period | The number of seconds that the port remains in the quiet state following a failed authentication exchange. |
Transmit Period | The value, in seconds, of the timer used by the authenticator state machine on the port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. |
Guest VLAN ID | The value, in seconds, of the timer used for guest VLAN authentication. |
Unauthenticated VLAN ID | The VLAN ID of the unauthenticated VLAN. Hosts that fail the authentication might be denied access to the network or placed on a VLAN created for unauthenticated clients. This VLAN might be configured with limited network access. To set the unauthenticated VLAN ID, click the Edit icon associated with the field and specify the ID value in the available field. To reset the unauthenticated VLAN ID to the default value, click the Reset icon associated with the field and confirm the action. |
Supplicant Timeout | The amount of time that the port waits for a response before retransmitting an EAP request frame to the client. |
Server Timeout | The amount of time the port waits for a response from the authentication server. |
Maximum Requests | The maximum number of times that the port sends an EAP request frame (assuming that no response is received) to the client before restarting the authentication process. |
Re-Authentication Period | The amount of time that clients can be connected to the port without being reauthenticated. If this field is disabled, connected clients are not forced to reauthenticate periodically. To change the value, click the Edit icon associated with the field and specify a value in the available field. To reset the reauthentication period to the default value, click the Reset icon associated with the field and confirm the action. |
Maximum Users | The maximum number of clients supported on the port if the Control Mode on the port is MAC-based 802.1X authentication. |
Supplicant Options | The fields in this section can be changed only when the selected port is configured as a supplicant port (that is, the PAE Capabilities field is set to Supplicant). |
Control Mode | The port-based access control mode on the port, which is
one of the following:
|
User Name | The name the port uses to identify itself as a supplicant to the authenticator port. The menu includes the users that are configured for system management. When authenticating, the supplicant provides the password associated with the selected User Name. |
Authentication Period | The amount of time the supplicant port waits to receive a challenge from the authentication server. If the configured Authentication Period expires, the supplicant retransmits the authentication request until it is authenticated or has sent the number of messages configured in the Maximum Start Messages field. |
Start Period | The amount of time the supplicant port waits for a response from the authenticator port after sending a Start packet. If no response is received, the supplicant retransmits the Start packet. |
Held Period | The amount of time the supplicant port waits before contacting the authenticator port after an active 802.1X session fails. |
Maximum Start Messages | The maximum number of Start packets the supplicant port sends to the authenticator port without receiving a response before it considers the authenticator to be 802.1X-unaware. |
Click Refresh to update the information on the screen.