10-7
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Figure 10-4 Message Exchange During MAC Authentication Bypass
Authentication Manager
In Cisco IOS Release 12.2(46)SE and earlier, you could not use the same authorization methods, including
CLI commands and messages, on this switch and also on other network devices, such as a Catalyst 6000.
You had to use separate authentication configurations. Cisco IOS Release 12.2(50)SE and later supports
the same authorization methods on all Catalyst switches in a network.
Cisco IOS Release 12.2(55)SE supports filtering verbose system messages from the authentication
manager. For details, see the “Authentication Manager CLI Commands” section on page 10-9.
• Port-Based Authentication Methods, page 10-7
• Per-User ACLs and Filter-Ids, page 10-8
• Authentication Manager CLI Commands, page 10-9
Port-Based Authentication Methods
Table 10-1 lists the authentication methods supported in these host modes:
• Single host–Only one data or voice host (client) can be authenticated on a port.
• Multiple host–Multiple data hosts can be authenticated on the same port. (If a port becomes
unauthorized in multiple-host mode, the switch denies network access to all of the attached clients.)
• Multidomain authentication (MDA) –Both a data device and voice device can be authenticated on
the same switch port. The port is divided into a data domain and a voice domain.
• Multiple authentication–Multiple hosts can authenticate on the data VLAN. This mode also allows
one client on the VLAN if a voice VLAN is configured.
141681
Client
Switch
EAPOL Request/Identity
EAPOL Request/Identity
EAPOL Request/Identity
RADIUS Access/Request
RADIUS Access/Accept
Ethernet packet
Authentication
server
(RADIUS)
To Next Page
Loading...
Need help?
General
