General Operating Rules and Notes
■ When there is an authenticated client on a port, the following traffic
  movement is allowed:
  • 5300xl switches with software release E.09.xx (client-based
    authentication allowing up to 32 authenticated clients per-port):
    – Multicast and broadcast traffic is allowed on the port.
    – Unicast traffic to authenticated clients on the port is allowed.
    – All traffic from authenticated clients on the port is allowed.
    (Refer to "5300xl Switches (with Software Release E.09.xx or
    Greater)" on page 10-4.)
  • 3400cl and 6400cl switches, and 5300xl switches with a software
    release earlier than E.09.xx (port-based authentication): Opens the
    port to any traffic from any client, unless port-security rules have
    been applied to limit client access.
    (Refer to "802.1X Port-Based Access Control on 3400cl/6400cl
    Switches, and 5300xl Switches (with Software Release E.08.xx and
    Earlier)" on page 10-4.)
■ When a port on the switch is configured as either an authenticator or
  supplicant and is connected to another device, rebooting the switch
  causes a re-authentication of the link.
■ When a port on the switch is configured as an authenticator:
  • 3400cl and 6400cl switches, and 5300xl switches running a software
    release earlier than E.09.xx: Allows authentication of a single client.
    Note that if a client is authenticated on the port, then the port
    operates in an unblocked mode until the authenticated client drops the
    link. Refer to "802.1X Port-Based Access Control on 3400cl/6400cl
    Switches, and 5300xl Switches (with Software Release E.08.xx and
    Earlier)" on page 10-4.
  • 5300xl switches running software release E.09.xx or greater: The port
    allows only authenticated clients up to the currently configured client
    limit (default = 1). Refer to "5300xl Switches (with Software Release
    E.09.xx or Greater)" on page 10-4.

  For clients that do not have the proper 802.1X supplicant software, the
  optional 802.1X Open VLAN mode can be used to open a path for
  downloading 802.1X supplicant software to a client or to provide other
  services for unauthenticated clients. (Refer to "802.1X Open VLAN Mode"
  on page 10-21.)
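
The traffic rules above, modeled in Python as an added example (not code from this guide or from the switch vendor). It assumes a port with no authenticated client forwards nothing (EAPOL and Open VLAN mode are left out), reads the multicast/broadcast rule as frames sent out the port, and ignores port-security rules; the class, function names and MAC addresses are constructed.

```python
# Added model of the 802.1X port rules above; not switch firmware.
MAX_CLIENTS = 32  # per-port ceiling for client-based mode (from the page)

def auth_mode(model, release=None):
    """Map switch model and release string (e.g. "E.09.xx") to the mode."""
    if model == "5300xl" and int(release.split(".")[1]) >= 9:
        return "client-based"
    return "port-based"  # 3400cl, 6400cl, and 5300xl earlier than E.09.xx

def is_group(mac):
    """True for multicast/broadcast MACs (low bit of first octet set)."""
    return int(mac.split(":")[0], 16) & 1 == 1

class Port:
    def __init__(self, model, release=None, client_limit=1):
        self.mode = auth_mode(model, release)
        # Port-based mode authenticates a single client.
        self.limit = min(client_limit, MAX_CLIENTS) if self.mode == "client-based" else 1
        self.clients = set()  # MACs that completed 802.1X

    def authenticate(self, mac):
        if mac not in self.clients and len(self.clients) >= self.limit:
            return False  # over the configured client limit
        self.clients.add(mac)
        return True

    def from_client(self, src):
        """Is a frame received on the port from MAC `src` accepted?"""
        if not self.clients:
            return False  # assumption: closed until a client authenticates
        return self.mode == "port-based" or src in self.clients

    def to_port(self, dst):
        """Is a frame addressed to MAC `dst` sent out this port?"""
        if not self.clients:
            return False  # assumption, as above
        return self.mode == "port-based" or is_group(dst) or dst in self.clients

# Constructed MAC addresses (locally administered range).
AUTHED, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02"

def unauthenticated_client_passes(model, release=None):
    """After AUTHED authenticates, is traffic from OTHER accepted?"""
    port = Port(model, release)
    port.authenticate(AUTHED)
    return port.from_client(OTHER)
```

In port-based mode the second, unauthenticated client is accepted once the first has authenticated, which is why the page points to port-security rules for limiting client access on those switches.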
Configuring Port-Based and Client-Based Access Control (802.1X)