Wired 802.1x Configuration

About this task

802.1X is an IEEE standard for media-level (Layer 2) access control, providing the capability to permit or deny connectivity based on user or device identity. 802.1X allows port based access using authentication. An 802.1X enabled port can be dynamically enabled or disabled depending on user identity or device connection.

Before authentication, the endpoint is unknown, and traffic is blocked. Upon authentication, the endpoint is known and traffic is allowed. The controller or service platform uses source MAC filtering to ensure that only the authenticated endpoint is allowed to send traffic.

To configure a device's wired 802.1x configuration:

Procedure

  1. Go to Configuration → Devices .
    The Device Configuration screen displays. This screen lists access points, controllers and service platforms within the managed network.
  2. Select a target device by double-clicking on the device name.
    You can also select a target device from the device browser in the lower, left-hand, side of the UI.
    The selected device's configuration menu displays.
  3. Select Wired 802.1x.
    Click to expand in new window
    Wired 802.1x Screen
    GUID-FFAAE76A-C3BD-476D-92E2-FE8EF278BED1-low.png
  4. Review the Wired 802.1x Settings area to configure the following parameters:

    Dot1x Authentication Control

    Select this option to globally enable 802.1x authentication. 802.1x authentication is disabled by default.
    Dot1x AAA Policy

    Select a AAA policy to associate with wired 802.1x traffic. If a suitable AAA policy does not exist, click the Create icon to create a new policy or the Edit icon to modify an existing policy.

    Dot1x Guest VLAN Control

    Select this option to globally enable 802.1x guest VLANs for the selected device. This setting is disabled by default.

    MAC Authentication AAA Policy

    Select a AAA authentication policy for MAC address authentication. If a suitable MAC AAA policy does not exist, click the Create icon to create a new policy or the Edit icon to modify an existing policy.
  5. Click OK to save the changes made to the 802.1x configuration.
    Click Reset to revert to the last saved configuration.
9036512-00 Rev AA