Port authentication settings

Port authentication settings

1. Summary

This page is for configuring the port authentication.
To use port authentication, you need to configure the system settings and the interface settings.
You also need to configure the authentication server in Interface settings > Port authentication > Server settings.

2. Top page

This is the top page for the port authentication settings.

2.1. System settings

  • Displays the port authentication settings for the system.

  • The table items are explained below.

    • 802.1X authentication

      • Displays whether 802.1X authentication is enabled or not for the entire system.

    • MAC authentication

      • Displays whether MAC authentication is enabled or not for the entire system.

    • Web authentication

      • Displays whether web authentication is enabled or not for the entire system.

  • Press the "Setting" button to display the page for configuring the system settings.

2.2. Interface settings

  • Displays the port authentication settings for the interface.

  • The table items are explained below.

    • I/F

      • Displays the interface name.

    • Enabled authentication functions

      • Displays the enabled authentication functions for the interface.

    • Host mode

      • Displays the authentication operation mode setting.

  • Press the "Setting" button to display the page for changing the settings of the selected interface.

  • Press the "Specify all" button to configure all interfaces with the check box selected.

  • If you press the "Return to defaults" button, the settings will be initialized on all interfaces whose check boxes are selected.

3. System settings page

This page is for configuring the port authentication for the system.
You can also change the detailed settings by pressing the "Advanced settings" button.
Enter the settings, and then press the "Confirm" button.
If there are no mistakes in the input content of the confirmation screen, press the "OK" button.

3.1. System settings

  • Authentication functions to be enabled

    • Select the authentication functions to be enabled for the entire system from the following.

      • 802.1X authentication

      • MAC authentication

      • Web authentication

  • MAC address format for MAC authentication

    • Select the MAC address format for MAC authentication from the following.

      • Delimiter (-), Lowercase

      • Delimiter (:), Lowercase

      • No delimiter, Lowercase

      • Delimiter (-), Uppercase

      • Delimiter (:), Uppercase

      • No delimiter, Uppercase

  • Redirect URL after successful web authentication

    • Specify the destination URL for redirecting the authenticated device after successful web authentication.

    • Enter up to 256 characters using single-byte alphanumeric characters and symbols, excluding ? symbol.

  • Clearing authentication status

    • Specify whether or not to clear the authentication status of the device periodically.

    • The input range of the time to clear is from 0 to 23 o’clock.

    • If Clearing authentication status is set in the interface settings, the setting in the interface settings takes precedence.

4. Interface settings page

This page is for configuring the port authentication for the interface.
You can also change the detailed settings by pressing the "Advanced settings" button.
Enter the settings, and then press the "Confirm" button.
If there are no mistakes in the input content of the confirmation screen, press the "OK" button.

4.1. Interface settings

  • Applicable interface

    • Displays the name of the interface whose settings are to be changed.

  • Authentication functions to be enabled

    • Select authentication functions to be enabled for the interface from the following.

      • 802.1X authentication

      • MAC authentication

      • Web authentication

  • Host mode

    • Select the authentication operation mode for the authentication function from the following.

      • Single host mode

        • If the device connected to the interface has successfully authenticated, only the device can access.
          If another device has already authenticated, this device cannot authenticate or access.

      • Multi host mode

        • If any device connected to the interface has successfully authenticated, all devices connected to the interface can access.

      • Multi supplicant mode ( Recommended )

        • All devices connected to theinterface can individually authenticate, and only the devicessuccessfully authenticated can access.

  • Authentication order

    • Select which authentication to use first if both 802.1X authentication and MAC authentication are enabled.

      • 802.1X authentication first

      • MAC authentication first

    • Web authentication authenticates when ID and Password are entered regardless of this setting.

  • MAC address registration type after MAC authentication

    • Select a registration type for authenticated MAC addresses to the MAC address table.

      • Register as dynamic entry

      • Register as static entry

    • The aging timer automatically deletes MAC addresses registered as dynamic entries from the MAC address table.

    • The "clear auth state" or the "authclear-state time" command can delete MAC addresses registered as staticentries from the MAC address table.

  • Guest VLAN

    • Specify the guest VLAN.

    • Press the "Select" button, and then select a VLAN ID from the "VLAN list" dialog.

    • When a guest VLAN is configured, devices that have not successfully authenticated can also access the specified VLAN.

    • This cannot be used with web authentication.

  • Dynamic VLAN

    • Specify whether or not to use dynamic VLAN.

    • If you set to use dynamic VLAN, VLANs are dynamically assigned to each device that has successfully authenticated.

    • The VLAN to be assigned depends on the authentication server settings.

  • Waiting time for a response from device

    • Specify the waiting time for a response from the device during authentication.

    • The input range is from 1 to 65535 seconds.

  • Authentication restriction period after authentication failure

    • Specify the period to restrict authentication after the authentication of a device fails.

    • The input range is from 1 to 65535 seconds.

    • While authentication is restricted, all packets received on the target interface are discarded.

  • Re-authentication of authenticated device

    • Specify whether or not to periodically re-authenticate the device that has successfully authenticated.

    • The input range of the re-authentication interval is from 300 to 86400 seconds.

  • Clearing authentication status

    • Specify whether or not to clear the authentication status of the device periodically.

    • The input range of the time to clear is from 0 to 23 o’clock.

  • 802.1X authentication operation mode

    • Select the operation mode for 802.1X authentication from the following.

      • Operate as authentication interface

      • Set as authenticated interface

      • Set as unauthenticated interface

  • Forwarding control on unauthenticated ports for 802.1X authentication

    • When 802.1X authentication is enabled,specify the communication restriction method for devices that have notsuccessfully authenticated from the following.

      • Discard both sending and receiving

      • Discard only receiving

    • If any of the following conditions are met, this setting is ignored, and the function operates as Discard only receiving.

      • Host mode is set to multi-supplicant mode.

      • MAC authentication is enabled.

    • If the guest VLAN is configured, this setting does not affect the communication restrictions.

  • Number of times to send EAPOL packets

    • Specify the maximum number of times to send EAPOL packets.

    • The input range is from 1 to 10 times.