Configuration Guide Vol. 2


5.1.1 Layer 2 authentication type

The Switch supports the following functionality for authentication at the Layer 2 level:

Several authentication modes are used in Layer 2 authentication. The table below provides an overview of Layer 2 authentication functionality by authentication mode.

Although some types of authentication functionality will work with other networking functionality, other types will not. For details about the feature combinations, see 5.2 Compatibility between Layer 2 authentication and other functionality.

Table 5-1: Functions supported by Layer 2 authentication

| Layer 2 Authentication | Authentication modes | Overview |
|---|---|---|
| IEEE802.1X | Port-based authentication | Port-based authentication controls authentication at the physical port or channel group level, with a port or group serving as the unit of authentication. This mode incorporates the three submodes below, each of which presents a different authentication behavior: (1) Single-terminal mode: only one terminal is authenticated and connected per authentication unit. When an authentication request arrives from another terminal on the same port, the port reverts to the unauthorized state. (2) Multiple-terminal mode: multiple terminals are allowed to connect to the physical port or channel group. In this mode, only one of the attached terminals needs to be authenticated. (3) Terminal authentication mode: multiple terminals are allowed to connect to the physical port or channel group. Each terminal is subject to authentication. |
| IEEE802.1X | VLAN-based authentication (static) | This mode controls authentication on a VLAN basis. Multiple terminals are allowed to connect to the VLAN. Each terminal is subject to authentication. Successfully authenticated terminals are permitted access to the VLAN. |
| IEEE802.1X | VLAN-based authentication (dynamic) | This mode controls authentication for terminals that attach to a MAC VLAN. Multiple terminals are allowed to connect to the VLAN. Each successfully authenticated terminal is permitted access to the VLAN associated with its MAC address. |
| Web Authentication | Fixed VLAN mode | A terminal is permitted access to the VLAN after successful user authentication. |
| Web Authentication | Dynamic VLAN mode | After successful user authentication, the terminal is permitted access to the VLAN associated with its MAC address. Authorization is enabled on the physical port where the MAC VLAN is configured. |
| Web Authentication | Legacy mode | After successful user authentication, the terminal is permitted access to the VLAN associated with its MAC address. Authorization is enabled for access to the MAC VLAN. |
| MAC-based Authentication | Fixed VLAN mode | A terminal is permitted access to the VLAN after successful user authentication. |
| MAC-based Authentication | Dynamic VLAN mode | After successful authentication, a terminal is permitted access to the VLAN assigned to its MAC address. |
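
The three IEEE802.1X port-based submodes differ in which terminals gain access once one terminal on the port has authenticated. The Python model below is an added example, not part of the original guide or of the Switch's software; the class and function names, the constructed MAC addresses, and the treatment of unauthenticated frames and of the triggering request in single-terminal mode are assumptions.

```python
from enum import Enum

class Submode(Enum):
    SINGLE = "single-terminal"
    MULTIPLE = "multiple-terminal"
    TERMINAL = "terminal-authentication"

class PortModel:
    """Toy model of one authentication unit (physical port or channel group)."""

    def __init__(self, submode):
        self.submode = submode
        self.authenticated = set()  # MACs that completed IEEE802.1X

    def auth_request(self, mac, success):
        """A terminal starts authentication; `success` is the server's verdict."""
        if (self.submode is Submode.SINGLE and self.authenticated
                and mac not in self.authenticated):
            # A second terminal asked to authenticate: the port reverts to the
            # unauthorized state. Assumption: the new request is not accepted.
            self.authenticated.clear()
            return
        if success:
            self.authenticated.add(mac)

    def forwards(self, mac):
        """Would a data frame from `mac` be forwarded on this unit?"""
        if self.submode is Submode.MULTIPLE:
            # One authenticated terminal opens the unit for every attached one.
            return bool(self.authenticated)
        # Assumption: other submodes forward only authenticated source MACs.
        return mac in self.authenticated

def replay(submode, events, probes):
    """Apply (mac, success) auth events, then report forwarding per probe MAC."""
    port = PortModel(submode)
    for mac, success in events:
        port.auth_request(mac, success)
    return {mac: port.forwards(mac) for mac in probes}

# Constructed scenario: terminals A and B share one port behind a hub.
A, B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"

if __name__ == "__main__":
    for sm in Submode:
        print(sm.value, replay(sm, [(A, True)], [A, B]))
    print("single, B then requests:", replay(Submode.SINGLE, [(A, True), (B, True)], [A, B]))
```

In the model, only multiple-terminal mode forwards frames from the terminal that never authenticated, which is the property to weigh when a port may have a hub or unmanaged switch behind it.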