5.1.1 Layer 2 authentication type
The Switch supports the following functionality for authentication at the Layer 2 level:
-
IEEE802.1X
Provides user authentication conforming to the IEEE 802.1X standard. IEEE 802.1X authenticates terminals based on the successful exchange of EAPOL packets.
-
Web Authentication
Web authentication is a function that uses generic Web browsers to authenticate users. Authenticates users on terminals that can run an ordinary Web browser.
-
MAC-based Authentication
Authenticates devices such as printers that are not capable of providing user-initiated logons.
Several authentication modes are used in Layer 2 authentication. The table below provides an overview of Layer 2 authentication functionality by authentication mode.
Although some types of authentication functionality will work with other networking functionality, other types will not. For details about the feature combinations, see 5.2 Compatibility between Layer 2 authentication and other functionality.
Layer 2 Authentication |
Authentication modes |
Overview |
---|---|---|
IEEE802.1X |
Port-based authentication |
Port-based authentication controls authentication at the physical port or channel group level, with a port or group serving as the unit of authentication. This mode incorporates the three submodes below, each of which presents a different authentication behavior:
|
VLAN-based authentication (static) |
This mode controls authentication on a VLAN basis. Multiple terminals are allowed to connect to the VLAN. Each terminal is subject to authentication. Successfully authenticated terminals are permitted access to the VLAN. |
|
VLAN-based authentication (dynamic) |
This mode controls authentication for terminals that attach to a MAC VLAN. Multiple terminals are allowed to connect to the VLAN. Successfully authenticated terminals are permitted access to the VLAN associated with its MAC address. |
|
Web Authentication |
Fixed VLAN mode |
A terminal is permitted access to the VLAN after successful user authentication. |
Dynamic VLAN mode |
After successful user authentication, the terminal is permitted access to the VLAN associated with its MAC address. Authorization is enabled on the physical port where the MAC VLAN is configured. |
|
Legacy mode |
After successful user authentication, the terminal is permitted access to the VLAN associated with its MAC address. Authorization is enabled for access to the MAC VLAN. |
|
MAC-based Authentication |
Fixed VLAN mode |
A terminal is permitted access to the VLAN after successful user authentication. |
Dynamic VLAN mode |
After successful authentication, a terminal is permitted access to the VLAN assigned to its MAC address. |