Cisco 350 Series Administration Manual page 529

18
358
The following options are available:
• restrict—Generates a trap when a station, whose MAC address is not the supplicant
MAC address, attempts to access the interface. The minimum time between the traps is
1 second. These frames are forwarded, but their source addresses are not learned.
• protect—Discard frames with source addresses that are not the supplicant address.
• shutdown—Discard frames with source addresses that are not the supplicant address
and shutdown the port.
You can also configure the device to send SNMP traps, with a configurable minimum time
between consecutive traps. If seconds = 0, traps are disabled. If minimum time is not specified,
it defaults to 1 second for the restrict mode and 0 for the other modes.
Quiet Period
The Quiet period is a period when the port (single-host or multi-host modes) or the client
(multi-sessions mode) cannot attempt authentication, following a failed authentication
exchange. In single-host or multi-host mode, the period is defined per port, and in the multi-
sessions mode the period is defined per client. During the quiet period, the switch does not
accept or initiate authentication requests.
The period is only applied to 802.1x-based and Web-based authentications.
You can also specify the maximum number of login attempts before the quiet period is started.
A value of 0 specifies the unlimited number of login attempts.
The duration of the quiet period and the maximum number of login attempts can be set in the
Port Authentication page.
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Security: 802.1X Authentication
Overview