EasyManuals Logo

Cisco Catalyst 2950 Software Guide

Cisco Catalyst 2950
376 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #159 background imageLoading...
Page #159 background image
7-3
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter 7 Configuring 802.1X Port-Based Authentication
Understanding 802.1X Port-Based Authentication
The devicesthat can act as intermediariesinclude the Catalyst 3550 multilayer switch, Catalyst 2950
switch, or a wireless access point. These devices must be running software that supports the
RADIUS client and 802.1X.
Authentication Initiation and Message Exchange
The switch or the client can initiate authentication. If you enable authentication on a port by using the
dot1x port-control auto interface configuration command, the switch must initiate authentication when
it determines that the port link state transitions from down to up. It then sends an EAP-request/identity
frame to the client to request its identity (typically, the switch sends an initial identity/request frame
followed by one or more requests for authentication information). Upon receipt of the frame, the client
responds with an EAP-response/identity frame.
However, if during bootup, the client does not receive an EAP-request/identity frame from the switch,
the client can initiate authentication by sending an EAPOL-start frame, which prompts the switch to
request the clients identity.
Note If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the client
are dropped. If the client does not receive an EAP-request/identity frame after three attempts to start
authentication, the client transmits frames as if the port is in the authorized state. A port in the authorized
state effectively means that the client has been successfully authenticated. For more information, see the
Ports in Authorized and Unauthorized States sectiononpage7-4.
When the client supplies its identity, the switch begins its role as the intermediary, passing EAP frames
between the client and the authentication server until authentication succeeds or fails. If the
authentication succeeds, the switch port becomes authorized. For more information, see the Ports in
Authorized and Unauthorized States section on page 7-4.
The specific exchange of EAP frames depends on the authentication method being used. Figure 7-2
shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication
method with a RADIUS server.

Table of Contents

Other manuals for Cisco Catalyst 2950

Preview: Software Configuration Guide
Software Configuration Guide674 pages
Preview: Getting Started Guide
Getting Started Guide28 pages
Preview: Command Reference
Command Reference686 pages
Preview: Datasheet
Datasheet19 pages
Preview: Hardware Installation Guide
Hardware Installation Guide232 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2950 and is the answer not in the manual?

Cisco Catalyst 2950 Specifications

General IconGeneral
Forwarding Bandwidth8.8 Gbps
Switching Capacity13.6 Gbps
Forwarding Rate6.6 Mpps
Weight3.6 kg
RAM16 MB
Flash Memory8 MB
Operating Humidity10% to 85% non-condensing
Uplink Ports2 x 10/100/1000Base-T
Dimensions4.4 cm x 44.5 cm x 24.2 cm
Remote Management ProtocolSNMP, Telnet, HTTP
FeaturesQuality of Service (QoS), VLAN support
Compliant StandardsIEEE 802.3, IEEE 802.3u, IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p
Status Indicatorssystem
Operating Temperature0 to 45°C
Ports24 x 10/100 Ethernet ports
MAC Address Table Size8, 192 entries
Power SupplyInternal 100-240V AC, 50-60Hz

Related product manuals