EasyManuals Logo

Cisco Catalyst 2960 Series User Manual

Cisco Catalyst 2960 Series
2288 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1430 background imageLoading...
Page #1430 background image
You can configure open authentication with these scenarios:
Single-host mode with open authenticationOnly one user is allowed network access before and after
authentication.
MDA mode with open authenticationOnly one user in the voice domain and one user in the data domain
are allowed.
Multiple-hosts mode with open authenticationAny host can access the network.
Multiple-authentication mode with open authenticationSimilar to MDA, except multiple hosts can be
authenticated.
If open authentication is configured, it takes precedence over other authentication
controls. This means that if you use the authentication open interface configuration
command, the port will grant access to the host irrespective of the authentication
port-control interface configuration command.
Note
Related Topics
Configuring Open1x, on page 1407
Multidomain Authentication
The switch supports multidomain authentication (MDA), which allows both a data device and voice device,
such as an IP phone (Cisco or non-Cisco), to authenticate on the same switch port. The port is divided into a
data domain and a voice domain.
For all host modes, the line protocol stays up before authorization when port-based authentication is
configured.
Note
MDA does not enforce the order of device authentication. However, for best results, we recommend that a
voice device is authenticated before a data device on an MDA-enabled port.
When migrating from Cisco Discovery Protocol bypass to next-generation authentication bypass, if single
or multi-host mode is used with an IP phone and one or more data devices, then move to multi-authentication
mode with next-generation authentication bypass that provides the session visibility advantage.
Note
Follow these guidelines for configuring MDA:
You must configure a switch port for MDA.
You must configure the voice VLAN for the IP phone when the host mode is set to multidomain.
Voice VLAN assignment on an MDA-enabled port is supported Cisco IOS Release 12.2(40)SE and
later.
To authorize a voice device, the AAA server must be configured to send a Cisco Attribute-Value (AV)
pair attribute with a value of device-traffic-class=voice. Without this value, the switch treats the voice
device as a data device.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1348
Information About 802.1x Port-Based Authentication

Table of Contents

Other manuals for Cisco Catalyst 2960 Series

Preview: Datasheet
Datasheet21 pages
Preview: Brochure & Specs
Brochure & Specs10 pages
Preview: Product Bulletin
Product Bulletin5 pages
Preview: Specifications
Specifications2 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2960 Series and is the answer not in the manual?

Cisco Catalyst 2960 Series Specifications

General IconGeneral
LayerLayer 2
Power over Ethernet (PoE)Available on some models
RAM128 MB
Flash Memory32 MB
MAC Address Table Size8000
Operating Temperature0°C to 45°C (32 to 113°F)
Ports24 or 48 x 10/100/1000

Related product manuals