Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring 802.1X Authentication (J-Web Procedure)

Note:

This topic applies only to the J-Web Application package.

To configure 802.1X settings on an EX Series switch using the J-Web interface:

  1. Select Configure > Security > 802.1X.

    The 802.1X screen displays a list of interfaces, whether 802.1X security has been enabled, and the assigned port role.

    When you select an interface, the Details of 802.1x configuration on port section displays 802.1X details for that interface.

    Note:

    After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.

  2. Select one of the following options:

    • RADIUS Servers—Specifies the RADIUS server to be used for authentication. Select the corresponding check box to specify a server. Click Add or Edit to add or modify the RADIUS server settings. Enter information as specified in Table 1.

    • Exclusion List—Excludes hosts from the 802.1X authentication list by specifying the MAC address. Click Add or Edit in the Exclusion List screen to include or modify the MAC addresses. Enter information as specified in Table 2.

    • Edit—Specifies 802.1X settings for the selected interface

      • Apply 802.1X Profile—Applies an 802.1X profile based on the port role. If a message appears asking whether you want to configure a RADIUS server, click Yes.

      • 802.1X Configuration—Configures custom 802.1X settings for the selected interface. If a message appears asking whether you want to configure a RADIUS server, click Yes. Enter information as specified in Table 1. To configure 802.1X port settings, enter information as specified in Table 3.

    • Delete—Deletes 802.1X authentication configuration on the selected interface.

Table 1: RADIUS Server Settings

Field

Function

Your Action

IP Address

Specifies the IP address of the server.

Enter the IP address in dotted decimal notation.

Password

Specifies the login password.

Enter the password.

Confirm Password

Verifies the login password for the server.

Reenter the password.

Server Port Number

Specifies the port with which the server is associated.

Type the port number.

Source Address

Specifies the source address of the switch using which the switch can communicate with the server.

Type the IP address in dotted decimal notation.

Retry Attempts

Specifies the number of login retries allowed after a login failure.

Type the number.

Timeout

Specifies the time interval to wait before the connection to the server is closed.

Type the interval in seconds.
Table 2: 802.1X Exclusion List

Field

Function

Your Action

MAC Address

Specifies the MAC address to be excluded from 802.1X authentication.

Enter the MAC address.

Exclude if connected through the port

Specifies that the host can bypass authentication if it is connected through a particular interface.

Select to enable the option. Select the port through which the host is connected.

Move the host to the VLAN

Specifies moving the host to a specific VLAN once the host is authenticated.

Select to enable the option. Select the VLAN from the list.
Table 3: 802.1X Port Settings

Field

Function

Your Action

Supplicant Mode

Supplicant Mode

Specifies the mode to be adopted for supplicants:

  • Single—Allows only one host for authentication.

  • Multiple—Allows multiple hosts for authentication. Each host is checked before being admitted to the network.

  • Single authentication for multiple hosts—Allows multiple hosts, but only the first host is authenticated.

Select a mode.

Authentication

Enable re-authentication

Specifies enabling reauthentication on the selected interface.

  1. Select to enable reauthentication.

  2. Enter the timeout for reauthentication in seconds.

Action on authentication failure

Specifies the action to be taken if the host does not respond, leading to an authentication failure.

Select one:

  • Move to the Guest VLAN—Select the VLAN to move the interface to.

  • Deny—The host is not permitted access.

Timeouts

Specifies timeout values for each action.

Enter the value in seconds for:

  • Port waiting time after an authentication failure

  • EAPOL retransmitting interval

  • Maximum number of EAPOL requests

  • Maximum number of retries

  • Port timeout value for the response from the supplicant

  • Port timeout value for the response from the RADIUS server

Related Documentation