Cisco Systems ISA550 Universal Remote User Manual


 
Networking
Managing Ports
Cisco ISA500 Series Integrated Security Appliances Administration Guide 121
4
STEP 1 In the RADIUS Settings area, specify the RADIUS servers for authentication.
The security appliance predefines three RADIUS groups. Choose a predefined
RADIUS group from the RADIUS Index drop-down list to authenticate users on
802.1x-capable clients. The RADIUS server settings of the selected group are
displayed. You can edit the RADIUS server settings here but the settings that you
specify will replace the default settings of the selected group. For information on
configuring RADIUS servers, see Configuring RADIUS Servers, page 401.
STEP 2 In the Port-Based Access Control Settings area, perform the following actions:
Access Control: Check this box to enable the 802.1x access control feature,
or uncheck this box to disable it. This feature is not available for trunk ports.
Guest Authentication: After you enable the 802.1x access control feature,
check this box to enable the Guest Authentication feature, or uncheck this
box to disable it.
Authorization Mode: Specify the authorization mode for each physical port
by clicking one of the following icons:
- Forced Authorized: Disable the 802.1x access control feature and cause
the port to transition to the authorized state without any authentication
exchange required. The port transmits and receives normal traffic
without 802.1x-based authentication of the client.
- Forced Unauthorized: Cause the port to remain in the unauthorized
state, ignoring all attempts by the client to authenticate. The security
appliance cannot provide authentication services to the client through
the port.
- Auto: Enable the 802.1x access control feature and cause the port to
begin in the unauthorized state, allowing only EAPOL frames to be sent
and received through the port. The authentication process begins when
the link state of the port transitions from down to up, or when an
EAPOL-start frame is received. The security appliance requests the
identity of the client and begins relaying authentication messages
between the client and the authentication server. Each client attempting
to access the network is uniquely identified by the security appliance by
using the client's MAC address.
STEP 3 To specify the authenticated VLANs on a physical port, click the Edit (pencil) icon.
STEP 4 Enter the following information in the Port-Base Access Control - Edit page:
Access Control: Check this box to enable the 802.1x access control feature.