Configuring 802.1X Authentication (J-Web Procedure)
To configure 802.1X settings using J-Web:
- From the Configure menu, select Security > 802.1X.
The 802.1X screen displays a list of interfaces, whether 802.1X
security has been enabled, and the assigned port role.
When you select a particular interface, the Details section
displays 802.1X details for the selected interface.
- Click one:
- RADIUS Servers—Specifies the RADIUS server to be
used for authentication. Select the checkbox to select the required
server. Click Add or Edit to add or modify the RADIUS
server settings. Enter information as specified in Table 1.
- Exclusion List — Excludes hosts from the 802.1X
authentication list by specifying the MAC address. Click Add or Edit in the Exclusion list screen to include or modify
the MAC addresses. Enter information as specified in Table 2.
- Edit— Specifies 802.1X settings for the selected
interface
- Apply 802.1X Profile—Applies a pre-defined 802.1X
profile based on the port role. If a message appears asking if you
want to configure a RADIUS server, click Yes.
- 802.1X Configuration—Configures custom 802.1X settings
for the selected interface. If a message appears asking if you want
to configure a RADIUS server, click Yes. Enter information
as specified in Table 1. To configure 802.1X settings enter information
as specified in Table 3.
- Delete — Deletes 802.1X authentication configuration
on the selected interface.
Table 1: RADIUS Server Settings
|
Field
|
Function
|
Your Action
|
|
IP Address
|
Specifies the IP address of the server.
|
Enter the IP address in dotted decimal notation.
|
|
Password
|
Specifies the login password.
|
Enter the password.
|
|
Confirm Password
|
Verifies the login password for the server.
|
Reenter the password.
|
|
Server Port Number
|
Specifies the port with which the server is associated.
|
Type the port number.
|
|
Source Address
|
Specifies the source address of the server.
|
Type the server’s 32-bit IP address, in dotted
decimal notation.
|
|
Retry Attempts
|
Specifies the number of login retries allowed after a
login failure.
|
Type the number.
|
|
Timeout
|
Specifies the time interval to wait before the connection
to the server is closed.
|
Type the interval in seconds.
|
Table 2: 802.1X Exclusion List
|
Field
|
Function
|
Your Action
|
|
MAC Address
|
Specifies the MAC address to be excluded from 802.1X
authentication.
|
Enter the MAC address.
|
|
Exclude if connected through the port
|
Specifies that the host can bypass authentication if
it is connected through a particular interface.
|
Select to enable the option. Select the port through
which the host is connected.
|
|
Move the host to the VLAN
|
Specifies moving the host to a specific VLAN once the
host is authenticated.
|
Select to enable the option. Select the VLAN from the
list.
|
Table 3: 802.1X Port Settings
|
Field
|
Function
|
Your Action
|
|
Supplicant Mode
|
|
Supplicant Mode
|
Specifies the mode to be adopted for supplicants:
- Single — allows only one host for authentication.
- Multiple — allows multiple hosts for authentication.
Each host is checked before being admitted to the network.
- Single authentication for multiple hosts — Allows
multiple hosts but only the first is authenticated.
|
Select the required mode.
|
|
Authentication
|
|
Enable re-authentication
|
Specifies enabling reauthentication on the selected interface.
|
- Select to enable reauthentication.
- Enter the timeout for reauthentication in seconds.
|
|
Action on authentication failure
|
Specifies the action to be taken in case of an authentication
failure.
|
Select one:
- Move to the Guest VLAN — Select the VLAN to move
the interface to.
- Deny — the host is not permitted access.
|
|
Timeouts
|
Specifies timeout values for each action.
|
Enter the value in seconds for:
- Port waiting time after an authentication failure
- EAPOL re-transmitting interval
- Max. EAPOL requests
- Maximum number of retries
- Port timeout value for the response from the supplicant
- Port timeout value for the response from the RADIUS server
|
