
ii
802.1X-related protocols··································································································································84
Packet formats·········································································································································84
EAP over RADIUS ···································································································································85
802.1X authentication initiation························································································································86
802.1X client as the initiator·····················································································································86
Access device as the initiator···················································································································86
802.1X authentication procedures ···················································································································87
Comparing EAP relay and EAP termination·····························································································87
EAP relay·················································································································································88
EAP termination·······································································································································89
Configuring 802.1X·······················································································91
Access control methods···································································································································91
802.1X VLAN manipulation······························································································································91
Authorization VLAN··································································································································91
Guest VLAN·············································································································································93
Auth-Fail VLAN ········································································································································94
Critical VLAN············································································································································95
Critical voice VLAN ··································································································································97
Using 802.1X authentication with other features ·····························································································98
ACL assignment·······································································································································98
Redirect URL assignment························································································································98
EAD assistant···········································································································································98
SmartOn···················································································································································99
Configuration prerequisites······························································································································99
802.1X configuration task list·························································································································100
Enabling 802.1X·············································································································································100
Enabling EAP relay or EAP termination·········································································································101
Setting the port authorization state ················································································································101
Specifying an access control method ············································································································102
Setting the maximum number of concurrent 802.1X users on a port·····························································102
Setting the maximum number of authentication request attempts·································································103
Setting the 802.1X authentication timeout timers ··························································································103
Configuring online user handshake ···············································································································103
Configuration restrictions and guidelines·······························································································104
Configuration procedure·························································································································104
Configuring the authentication trigger feature································································································104
Configuration restrictions and guidelines·······························································································105
Configuration procedure·························································································································105
Specifying a mandatory authentication domain on a port··············································································105
Setting the quiet timer····································································································································106
Configuring 802.1X reauthentication··············································································································106
Overview················································································································································106
Configuration restrictions and guidelines·······························································································106
Configuring 802.1X periodic reauthentication························································································107
Configuring 802.1X manual reauthentication·························································································107
Enabling the keep-online feature ···········································································································107
Configuring an 802.1X guest VLAN···············································································································108
Configuration restrictions and guidelines·······························································································108
Configuration prerequisites····················································································································108
Configuration procedure·························································································································109
Enabling 802.1X guest VLAN assignment delay ···························································································109
Configuring an 802.1X Auth-Fail VLAN ·········································································································109
Configuration restrictions and guidelines·······························································································109
Configuration prerequisites····················································································································110
Configuration procedure·························································································································110
Configuring an 802.1X critical VLAN··············································································································110
Configuration restrictions and guidelines·······························································································111
Configuration prerequisites····················································································································111
Configuration procedure·························································································································111
Enabling the 802.1X critical voice VLAN········································································································112
Configuration restrictions and guidelines·······························································································112