Wired 802.1x Configuration

About this task

802.1X is an IEEE standard for media-level (Layer 2) access control, providing the capability to permit or deny connectivity based on user or device identity. 802.1X allows port based access using authentication. An 802.1X enabled port can be dynamically enabled or disabled depending on user identity or device connection.

Before authentication, the endpoint is unknown, and traffic is blocked. Upon authentication, the endpoint is known and traffic is allowed. The controller or service platform uses source MAC filtering to ensure that only the authenticated endpoint is allowed to send traffic.

To configure a device's wired 802.1x configuration:

Procedure

Select Configuration → Devices from the web UI.
The Device Configuration screen displays a list of managed devices or peer controllers, service platforms, or access points.
Select a target device in the lower left-hand side of the UI.
You can also select a target device by double-clicking it in the list in the Device Configuration screen.
Select Wired 802.1x from the Device menu options.

Wired 802.1x Screen

Review the Wired 802.1x Settings area to configure the following parameters:


Dot1x Authentication Control	Select this option to globally enable 802.1x authentication. 802.1x authentication is disabled by default.
Dot1x AAA Policy	Select a AAA policy to associate with wired 802.1x traffic. If a suitable AAA policy does not exist, click the Create icon to create a new policy or the Edit icon to modify an existing policy.
Dot1x Guest VLAN Control	Select this option to globally enable 802.1x guest VLANs for the selected device. This setting is disabled by default.
MAC Authentication AAA Policy	Select a AAA authentication policy for MAC address authentication. If a suitable MAC AAA policy does not exist, click the Create icon to create a new policy or the Edit icon to modify an existing policy.

Click OK to save the changes made to the 802.1x configuration.
Click Reset to revert to the last saved configuration.