The objective of this article is to show you how to configure 802.1x Authentication on the Cisco Business 220 series smart switches.
Port Authentication enables the configuration of parameters for each port. Since some of the configuration changes are only possible while the port is in a Force Authorized state, such as host authentication, it’s recommended that you change the port control to Force Authorized before making changes. When the configuration is complete, return the port control to its previous state.
Log in to the switch Web User Interface (UI) and choose Security > 802.1x > Port Authentication.
Click on the radio button for the port that you want to configure then click the edit icon.
The Edit Port Authentication window will then pop up. From the Interface drop-down list, make sure the specified port is the one you chose in Step 2. Otherwise, click the drop-down arrow and choose the right port.
Choose a radio button for the Administrative Port Control. This will determine the port authorization state. The options are:
Choose a radio button for the RADIUS VLAN Assignment. This will enable Dynamic VLAN assignment on the specified port. The options are:
Quick Tip: For the Dynamic VLAN Assignment feature to work, the switch requires the following VLAN attributes to be sent by the RADIUS server:
Check the Enable check box for the Guest VLAN to use a guest VLAN for unauthorized ports.
Check the Enable check box for Periodic Reauthentication. This will enable port re-authentication attempts after the specified Reauthentication Period.
Enter a value in the Reauthentication Period field. This is the time in seconds to reauthenticate the port.
Check the Reauthenticate Now check box to enable immediate port re-authentication.
In the Max Hosts field, enter the maximum number of authenticated hosts allowed on the specific port. This value only takes effect on multi-session mode.
In the Quiet Period field, enter the number of seconds that the switch remains in the quiet state following a failed authentication exchange. When the switch is in a quiet state, it means the switch is not listening for new authentication requests from the client.
In the Resending EAP field, enter the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP) request or identity frame from the supplicant (client) before resending the request.
In the Max EAP Requests field, enter the maximum number of EAP requests that can be sent. If a response is not received after the defined period (supplicant timeout), the authentication process is restarted.
In the Supplicant Timeout field, enter the number of seconds that lapses before EAP requests are resent to the supplicant.
In the Server Timeout field, enter the number of seconds that lapses before the switch resends a request to the authentication server.
Click Apply.
You should now have successfully configured 802.1x Authentication on your switch.
For more configurations, refer to the Cisco Business 220 Series Switches Administration Guide.
If you would like to view other articles, check out the Cisco Business 220 Series Switch Support Page