Users Guide

Table Of Contents
Switch Feature Overview 71
supported; however, the switch will transport encrypted packets, such as
PEAP or EAP-TLS packets, between the supplicant and authentication server
in support of mutual authentication and privacy.
For information about configuring IEEE 802.1X settings, see "IEEE 802.1X"
on page 355.
MAC-Based 802.1X Authentication
MAC-based authentication allows multiple supplicants connected to the
same port to each authenticate individually. The switch uses the device’s
MAC address to restrict access to the port to only the devices that have
authenticated. For example, a system attached to the port might be required
to authenticate in order to gain access to the network, while a VoIP phone
might not need to authenticate in order to send voice traffic through the port.
For information about configuring MAC-based 802.1X authentication, see
"IEEE 802.1X" on page 355.
802.1X Monitor Mode
Monitor mode is intended to provide network administrators with a way of
validating authentication access in a test environment. Because monitor
mode always allows network access whenever possible, it should never be used
in a production network with real users except on a limited temporary basis.
Use monitor mode with test users or in a non-production environment to
troubleshoot 802.1X configurations.
Monitor mode can be enabled in conjunction with 802.1X authentication to
allow network access even when the user fails to authenticate. The switch logs
the results of the authentication process for diagnostic purposes. The only
purpose of this mode is to help troubleshoot the configuration of 802.1X
authentication on the switch without affecting the network access to the
users of the switch.
For information about enabling the 802.1X Monitor mode, see "IEEE 802.1X"
on page 355.