Global Port Access Control Configuration

Use the Port Based Access Control Configuration page to enable or disable port access control on the system.

To access this page, click Security > Port Access Control > Configuration in the navigation menu.

Click to expand in new window

Port Access Control—Port Configuration Fields

Field Description
Administrative Mode Select Enable or Disable 802.1x mode on the switch. The default is Disable. This feature permits port-based authentication on the switch.
VLAN Assignment Mode If enabled, when a supplicant is authenticated by a authentication server, the port that the supplicant is connected to is placed in a particular VLAN specified by the RADIUS (Remote Authentication Dial In User Service) server. VLAN Assignment mode controls if the switch is allowed to place a port in a RADIUS-assigned VLAN. A port‘s VLAN assignment is determined by the first supplicant that is authenticated on the port.
Dynamic VLAN Creation Mode Select Enable to allow the switch to dynamically create a RADIUS-assigned VLAN if it does not already exist in the VLAN database.
Monitor Mode The administrative mode of the Monitor Mode feature on the device. Monitor mode is a special mode that can be enabled in conjunction with port-based access control. Monitor mode provides a way for network administrators to identify possible issues with the port-based access control configuration on the device without affecting the network access to the users of the device. It allows network access even in cases where there is a failure to authenticate, but it logs the results of the authentication process for diagnostic purposes. If the device fails to authenticate a client for any reason (for example, RADIUS access reject from the RADIUS server, RADIUS timeout, or the client itself is 802.1X unaware), the client is authenticated and is undisturbed by the failure condition(s). The reasons for failure are logged and buffered into the local logging database for tracking purposes.
EAPOL Flood Mode The administrative mode of the Extensible Authentication Protocol (EAP) over LAN (EAPOL) flood support on the device. EAPOL Flood Mode can be enabled when Admin Mode and Monitor Mode are disabled.

If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration.