Supplicant switch (outside
wiring closet)
2Workstations (clients)1
Access control server (ACS)4Authenticator switch3
Trunk port5
The switchport nonegotiate command is not supported on supplicant and authenticator switches with
NEAT. This command should not be configured at the supplicant side of the topology. If configured on
the authenticator side, the internal macros will automatically remove this command from the port.
Note
Voice Aware 802.1x Security
To use voice aware IEEE 802.1x authentication, the switch must be running the LAN base image.Note
You use the voice aware 802.1x security feature to configure the switch to disable only the VLAN on which
a security violation occurs, whether it is a data or voice VLAN. In previous releases, when an attempt to
authenticate the data client caused a security violation, the entire port shut down, resulting in a complete loss
of connectivity.
You can use this feature in IP phone deployments where a PC is connected to the IP phone. A security violation
found on the data VLAN results in the shutdown of only the data VLAN. The traffic on the voice VLAN
flows through the switch without interruption.
Related Topics
Configuring Voice Aware 802.1x Security, on page 1358
Common Session ID
Authentication manager uses a single session ID (referred to as a common session ID) for a client no matter
which authentication method is used. This ID is used for all reporting purposes, such as the show commands
and MIBs. The session ID appears with all per-session syslog messages.
The session ID includes:
•
The IP address of the Network Access Device (NAD)
•
A monotonically increasing unique 32 bit integer
•
The session start time stamp (a 32 bit integer)
This example shows how the session ID appears in the output of the show authentication command. The
session ID in this example is 160000050000000B288508E5:
Switch# show authentication sessions
Interface MAC Address Method Domain Status Session ID
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1351
Information About 802.1x Port-Based Authentication
To Next Page
Loading...
Need help?
General
