159
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Identity Features on Layer 3 Interface
Controlling Port Authorization State
Domain: DATA
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
AAA Policies:
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0303030300000004002500A8
Acct Session ID: 0x00000007
Handle: 0x3D000005
Runnable methods list:
Method State
mab Authc Success
c1921#
Controlling Port Authorization State
You can control the port authorization by using the following methods:
• Force-authorized-This is the default setting that disables IEEE 802.1X and causes a port to transition
to the authorized state without any authentication exchange required. The port transmits and
receives normal traffic without IEEE 802.1X-based authentication of the client.
• Force-unauthorized-This causes a port to remain in the unauthorized state, ignoring all the
authentication attempts made by a client. A router cannot provide authentication services to clients
through the interface.
• Auto-This enables IEEE 802.1X authentication and causes a port to start in the unauthorized state,
allowing only Extensible Authentication Protocol over LAN (EAPoL) frames to be sent and received
through a port. The authentication process begins when the link state of the port transitions from
down to up, or when an EAPoL-start frame is received. The router requests the identity of the client
and begins relaying authentication messages between the client and the authentication server. Each
client attempting to access the network is uniquely identified by the router with the help of the
client's MAC address. If the client is successfully authenticated, the port state changes to authorized,
and all the frames from the authenticated client are allowed through the port. If authentication fails,
the port remains in the unauthorized state, but authentication can be retried.
Configuring the Controlling Port Authorization State
Perform these steps to configure the Controlling Port Authorization state.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface gigabitethernet slot / port
4. authentication port-control auto
5. mab
6. end
To Next Page
Loading...
