Switch Features 63Dot1x Authentication (IEEE 802.1X)Dot1x authentication enables the authentication of system users through alocal internal server or an external server. Only authenticated and approvedsystem users can transmit and receive data. Supplicants are authenticatedusing the Extensible Authentication Protocol (EAP). Also supported arePEAP, EAP-TTL, EAP-TTLS, and EAP-TLS.For information about configuring IEEE 802.1X settings, see "Configuring802.1X and Port-Based Security" on page 509.MAC-Based 802.1X AuthenticationMAC-based authentication allows multiple supplicants connected to thesame port to each authenticate individually. For example, a system attachedto the port might be required to authenticate in order to gain access to thenetwork, while a VoIP phone might not need to authenticate in order to sendvoice traffic through the port.For information about configuring MAC-based 802.1X authentication, see"Configuring 802.1X and Port-Based Security" on page 509.Dot1x Monitor ModeMonitor mode can be enabled in conjunction with Dot1x authentication toallow network access even when the user fails to authenticate. The switch logsthe results of the authentication process for diagnostic purposes. The mainpurpose of this mode is to help troubleshoot the configuration of a Dot1xauthentication on the switch without affecting the network access to theusers of the switch.For information about enabling the Dot1X Monitor mode, see "Configuring802.1X and Port-Based Security" on page 509.MAC-Based Port SecurityThe port security feature limits access on a port to users with specific MACaddresses. These addresses are manually defined or learned on that port.When a frame is seen on a locked port, and the frame source MAC address isnot tied to that port, the protection mechanism is invoked.For information about configuring MAC-based port security, see""Configuring 802.1X and Port-Based Security" on page 509.
