EasyManuals Logo

Cisco Catalyst 3560-X User Manual

Cisco Catalyst 3560-X
1538 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #300 background imageLoading...
Page #300 background image
1-12
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
To avoid loss of connectivity to the RADIUS server, you should ensure that there is a redundant
connection to it. For example, you can have a redundant connection to the stack master and another to a
stack member, and if the stack master fails, the switch stack still has connectivity to the RADIUS server.
802.1x Host Mode
You can configure an 802.1x port for single-host or for multiple-hosts mode. In single-host mode (see
Figure 1-1 on page 1-2), only one client can be connected to the 802.1x-enabled switch port. The switch
detects the client by sending an EAPOL frame when the port link state changes to the up state. If a client
leaves or is replaced with another client, the switch changes the port link state to down, and the port
returns to the unauthorized state.
In multiple-hosts mode, you can attach multiple hosts to a single 802.1x-enabled port. Figure 1-5 on
page 1-12 shows 802.1x port-based authentication in a wireless LAN. In this mode, only one of the
attached clients must be authorized for all clients to be granted network access. If the port becomes
unauthorized (re-authentication fails or an EAPOL-logoff message is received), the switch denies
network access to all of the attached clients. In this topology, the wireless access point is responsible for
authenticating the clients attached to it, and it also acts as a client to the switch.
Figure 1-5 Multiple Host Mode Example
Note For all host modes, the line protocol stays up before authorization when port-based authentication is
configured.
802.1x Multiple Authentication Mode
Multiple-authentication (multiauth) mode allows one client on the voice VLAN and multiple
authenticated clients on the data VLAN. When a hub or access point is connected to an 802.1x-enabled
port, multiple-authentication mode provides enhanced security over multiple-hosts mode by requiring
authentication of each connected client. For non-802.1x devices, you can use MAC authentication
bypass or web authentication as the fallback method for individual host authentications to authenticate
different hosts through by different methods on a single port.
Multiple-authentication mode also supports MDA functionality on the voice VLAN by assigning
authenticated devices to either a data or voice VLAN, depending on the VSAs received from the
authentication server.
101227
Wireless clients
Access point
Authentication
server
(RADIUS)

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General IconGeneral
Enclosure TypeRack-mountable - 1U
SubtypeGigabit Ethernet
Ports48 x 10/100/1000 + 4 x SFP
Flash Memory64 MB
Power DeviceInternal power supply
Voltage RequiredAC 120/230 V (50/60 Hz)
Operating SystemCisco IOS
Device TypeSwitch
PerformanceSwitching capacity: 128 Gbps
Jumbo Frame SupportYes
Routing ProtocolRIP-1, RIP-2, EIGRP
Remote Management ProtocolSNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
FeaturesDHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant StandardsIEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
StackingStackable
Security FeaturesSSH, RADIUS, TACACS+
ManagementCLI
Dimensions (H x W x D)17.5 in
Operating Temperature32 to 113 °F (0 to 45 °C)
Humidity10 - 95% (non-condensing)

Related product manuals