EasyManuals Logo

Cisco Catalyst 2950 Software Guide

Cisco Catalyst 2950
376 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #160 background imageLoading...
Page #160 background image
7-4
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter7 Configuring 802.1X Port-Based Authentication
Understanding 802.1X Port-Based Authentication
Figure 7-2 Message Exchange
Ports in Authorized and Unauthorized States
The switch port state determines whether or not the client is granted access to the network. The port starts in
the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X
packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all
traffic for the client to flow normally.
If a client that does not support 802.1X is connected to an unauthorized 802.1X port, the switch requests
the clients identity. In this situation, the client does not respond to the request, the port remains in the
unauthorized state, and the client is not granted access to the network.
In contrast, when an 802.1X-enabled client connects to a port that is not running 802.1X , the client
initiates the authentication process by sending the EAPOL-start frame. When no response is received,
the client sends the request for a fixed number of times. Because no response is received, the client
begins sending frames as if the port is in the authorized state.
You control the port authorization state by using the dot1x port-control interface configuration
command and these keywords:
force-authorizeddisables 802.1X and causes the port to transition to the authorized state without
any authentication exchange required. The port transmits and receives normal traffic without
802.1X-based authentication of the client. This is the default setting.
force-unauthorizedcauses the port to remain in the unauthorized state, ignoring all attempts by
the client to authenticate. The switch cannot provide authentication services to the client through the
interface.
Client
Catalyst 2950 switch
Port Authorized
Port Unauthorized
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/OTP
EAP-Response/OTP
EAP-Success
RADIUS Access-Request
RADIUS Access-Challenge
RADIUS Access-Request
RADIUS Access-Accept
EAPOL-Logoff
Authentication
server
(RADIUS)
65231

Table of Contents

Other manuals for Cisco Catalyst 2950

Preview: Software Configuration Guide
Software Configuration Guide674 pages
Preview: Getting Started Guide
Getting Started Guide28 pages
Preview: Command Reference
Command Reference686 pages
Preview: Datasheet
Datasheet19 pages
Preview: Hardware Installation Guide
Hardware Installation Guide232 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2950 and is the answer not in the manual?

Cisco Catalyst 2950 Specifications

General IconGeneral
Forwarding Bandwidth8.8 Gbps
Switching Capacity13.6 Gbps
Forwarding Rate6.6 Mpps
Weight3.6 kg
RAM16 MB
Flash Memory8 MB
Operating Humidity10% to 85% non-condensing
Uplink Ports2 x 10/100/1000Base-T
Dimensions4.4 cm x 44.5 cm x 24.2 cm
Remote Management ProtocolSNMP, Telnet, HTTP
FeaturesQuality of Service (QoS), VLAN support
Compliant StandardsIEEE 802.3, IEEE 802.3u, IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p
Status Indicatorssystem
Operating Temperature0 to 45°C
Ports24 x 10/100 Ethernet ports
MAC Address Table Size8, 192 entries
Power SupplyInternal 100-240V AC, 50-60Hz

Related product manuals