Alta Help Center

Search

Wired 802.1X Authentication Setup

Mike D
Mike D
  • Updated

What This Configuration Does

Wired 802.1X requires a device to authenticate before a switch port grants network access.

This is useful for:

  • Securing office ports
  • Controlling device access per device or user
  • Dynamically assigning VLANs

Step 1 — Add the RADIUS Server to the Switch

  1. Navigate to Network
  2. Select the switch
  3. Go to Settings
  4. Under RADIUS, select the Route10 or preferred authentication server, or choose `Click + to add` to create a new RADIUS profile.
  5. Enter:
    1. Name — recognizable name
    2. Auth Server IP — Route10 IP (shown under Network)
    3. Auth Server Port — 1812 (default)
    4. Auth Secret — Must match Route10 secret
    5. Acct Server IP — Route10 IP (shown under Network)
    6. Acct Server Port — 1813 (default)
    7. Acct Secret — Must match Route10 secret
    8. Choose Save to store the RADIUS profile
  6. Select Save again to apply the switch configuration

Step 2 — Enable 802.1X on Ports

  1. Switch to the Ports page of the switch configuration panel.
  2. Select the desired interface
  3. Change Mode from Standard to:
    1. 802.1X (Best Effort)
    2. 802.1X (Strict) (authentication required)
  4. Choose Save
  5. Repeat for other ports as desired*

*If configuring multiple ports, consider using a color profile to deploy port settings at scale. Color profiles are beyond the scope of this article.

Mode Differences

802.1X (Best Effort)

Attempts authentication. Clients will still receive network access if authentication is unsuccessful or not present.

802.1X (Strict)

Authentication is required. Unauthenticated devices receive no network access.

Wired Client Considerations

Wired 802.1X requires a client-side supplicant. If the wired client does not have a supplicant (for example, a device that only requests DHCP and cannot send EAPOL will never authenticate over the wire). 

Devices With 802.1X Support

Operating systems such as Windows, macOS, and Linux support wired 802.1X but will require manual configuration which varies per platform. Some may require special software to create profiles to be able to use wired 802.1X support.

Refer to the operating system documentation for enabling wired 802.1X on those systems. 

VLAN Assignment

If a VLAN is configured for a user in Route10:

  • The switch dynamically assigns that VLAN to the port upon successful authentication.

If no VLAN is configured:

  • The port remains in its default VLAN.

Related to

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.