802.1X Global Configuration

The Global dialog allows you to:

Tab. 802.1X Port Security Dialog, Part 1

Parameters

Meaning

Possible values

Default setting

Operation

Switches the function on or off

On, Off

Off

Activating the VLAN assignment

Activates or deactivates the assigning of a VLAN ID via the RADIUS server to a port.

If a device places a query to a port via 802.1X, the RADIUS server will optionally send along a VLAN ID when a positive response is returned. If you have activated the function, the Switch then incorporates the port as an untagged member in the VLAN specified and sets the port VLAN ID to this value.

Note the following information about VLAN assignment.

On, Off

Off


Note: The Switch can assign untagged frames to a VLAN per port.
If you:
then the Switch will only accept an additional client after that:If the VLAN ID is different for the new client, the Switch decides on the basis of the client's authentication priority which client it gives access to:
A client that authenticates itself via 802.1X has a higher priority than a client with access to the guest or unauthenticated VLAN.

Tab. 802.1X Port Security Dialog, Part 2

Parameters

Meaning

Possible values

Default setting

Activate Dynamic VLAN Creation

Assigns the Switch to create the VLAN designated by the RADIUS server, provided it does not yet exist.

On

Off

Off

Activate Safe VLAN mode

For the device families other than MACH 104 and MACH 1040:

Sets whether the Switch only gives access to a safe VLAN to a client that sends untagged frames or whether it may assign to the client a different one than the VLAN specified by the RADIUS server.

  • On:
    The Switch only gives the client access to the VLAN whose ID the RADIUS server specifies.
    If the Switch finds a conflict between the existing port VLAN ID and the one specified by the RADIUS server, then the Switch sets the port VLAN ID that the client with the higher authentication priority requires (see above). The Switch denies access to the client with the lower priority.

  • Off:
    If the Switch finds a conflict between the existing port VLAN ID and the one specified by the RADIUS server, the Switch ignores the VLAN ID specified by the RADIUS server and gives the client access to the VLAN of the port VLAN ID (native VLAN ID).

On

Off

Off


Preparing the device for the 802.1X port authentication:

Buttons

Tab. Buttons (Forts.)

Button

Meaning

“Set”

Transfers the changes to the volatile memory (RAM) of the device. To permanently save the changes afterwards, you open the Basic Settings:Load/Save dialog and click “Save”.

“Reload”

Updates the fields with the values that are saved in the volatile memory (RAM) of the device.

“Help”

Opens the online help.