Configuration of 802.1x network access control on the router consists of two parts:
Generic parameters, which are configured under
config>system>security>dot1x
Port-specific parameters, which are configured under
config>port>ethernet>dot1x
The following considerations apply:
- If per-host authentication is not configured, the authentication of any host on the
port provides access to the port for any device,
even if only a single client has been
authenticated.
- 802.1x authentication can only be used to gain access to a pre-defined Service Access
Point (SAP). It is not possible to dynamically
select a service (such as a VPLS service)
depending on the 802.1x authentication
information.
- If 802.1x access control is enabled and a high rate of 802.1x frames are received on
a port, that port is blocked for a period of 5
minutes as a DoS protection mechanism.