EasyManuals Logo

Cisco Catalyst 2960-XR User Manual

Cisco Catalyst 2960-XR
404 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #262 background imageLoading...
Page #262 background image
the port. After the host is authenticated, the policies configured on the RADIUS server are applied to that
host.
You can configure open authentication with these scenarios:
Single-host mode with open authenticationOnly one user is allowed network access before and after
authentication.
MDA mode with open authenticationOnly one user in the voice domain and one user in the data domain
are allowed.
Multiple-hosts mode with open authenticationAny host can access the network.
Multiple-authentication mode with open authenticationSimilar to MDA, except multiple hosts can be
authenticated.
If open authentication is configured, it takes precedence over other authentication
controls. This means that if you use the authentication open interface configuration
command, the port will grant access to the host irrespective of the authentication
port-control interface configuration command.
In Session Aware Networking mode, to enable open authentication, use no access-session
closed. To disable open authentication, use access-session closed.
Note
Related Topics
Configuring Open1x, on page 295
Multidomain Authentication
The switch supports multidomain authentication (MDA), which allows both a data device and voice device,
such as an IP phone (Cisco or non-Cisco), to authenticate on the same switch port. The port is divided into a
data domain and a voice domain.
MDA does not enforce the order of device authentication. However, for best results, we recommend that a
voice device is authenticated before a data device on an MDA-enabled port.
Follow these guidelines for configuring MDA:
You must configure a switch port for MDA.
You must configure the voice VLAN for the IP phone when the host mode is set to multidomain.
Voice VLAN assignment on an MDA-enabled port is supported.
You can assign a dynamic VLAN to a voice device on an MDA-enabled switch port,
but the voice device fails authorization if a static voice VLAN configured on the
switchport is the same as the dynamic VLAN assigned for the voice device in the
RADIUS server.
Note
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
240 OL-29434-01
Configuring IEEE 802.1x Port-Based Authentication
Multidomain Authentication

Table of Contents

Other manuals for Cisco Catalyst 2960-XR

Preview: Reference
Reference52 pages
Preview: Configuration Guide
Configuration Guide196 pages
Preview: Configuration Guides
Configuration Guides120 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2960-XR and is the answer not in the manual?

Cisco Catalyst 2960-XR Specifications

General IconGeneral
Stacking Bandwidth80 Gbps
Layer SupportLayer 2 and Layer 3
Jumbo Frame Support9198 bytes
RAM512 MB
Input Voltage100-240V AC
ModelCatalyst 2960-XR
Uplink Interfaces4 x 1G SFP or 2 x 10G SFP+
Downlink Interfaces24 or 48 x Gigabit Ethernet ports
Power SupplyInternal
MAC Address Table Size16, 000 entries
PoEAvailable on PoE models
Weight4.5 kg
Featuresenergy efficiency
StackingUp to 8 switches
Operating Temperature0 to 45°C

Related product manuals