Name: Cisco Catalyst 3560-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

1-12

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-25303-03

Chapter 1 Configuring IEEE 802.1x Port-Based Authentication

Understanding IEEE 802.1x Port-Based Authentication

To avoid loss of connectivity to the RADIUS server, you should ensure that there is a redundant

connection to it. For example, you can have a redundant connection to the stack master and another to a

stack member, and if the stack master fails, the switch stack still has connectivity to the RADIUS server.

802.1x Host Mode

You can configure an 802.1x port for single-host or for multiple-hosts mode. In single-host mode (see

Figure 1-1 on page 1-2), only one client can be connected to the 802.1x-enabled switch port. The switch

detects the client by sending an EAPOL frame when the port link state changes to the up state. If a client

leaves or is replaced with another client, the switch changes the port link state to down, and the port

returns to the unauthorized state.

In multiple-hosts mode, you can attach multiple hosts to a single 802.1x-enabled port. Figure 1-5 on

page 1-12 shows 802.1x port-based authentication in a wireless LAN. In this mode, only one of the

attached clients must be authorized for all clients to be granted network access. If the port becomes

unauthorized (re-authentication fails or an EAPOL-logoff message is received), the switch denies

network access to all of the attached clients. In this topology, the wireless access point is responsible for

authenticating the clients attached to it, and it also acts as a client to the switch.

Figure 1-5 Multiple Host Mode Example

Note For all host modes, the line protocol stays up before authorization when port-based authentication is

configured.

802.1x Multiple Authentication Mode

Multiple-authentication (multiauth) mode allows one client on the voice VLAN and multiple

authenticated clients on the data VLAN. When a hub or access point is connected to an 802.1x-enabled

port, multiple-authentication mode provides enhanced security over multiple-hosts mode by requiring

authentication of each connected client. For non-802.1x devices, you can use MAC authentication

bypass or web authentication as the fallback method for individual host authentications to authenticate

different hosts through by different methods on a single port.

Multiple-authentication mode also supports MDA functionality on the voice VLAN by assigning

authenticated devices to either a data or voice VLAN, depending on the VSAs received from the

authentication server.

101227

Wireless clients

Access point

Authentication

server

(RADIUS)

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General

Enclosure Type	Rack-mountable - 1U
Subtype	Gigabit Ethernet
Ports	48 x 10/100/1000 + 4 x SFP
Flash Memory	64 MB
Power Device	Internal power supply
Voltage Required	AC 120/230 V (50/60 Hz)
Operating System	Cisco IOS
Device Type	Switch
Performance	Switching capacity: 128 Gbps
Jumbo Frame Support	Yes
Routing Protocol	RIP-1, RIP-2, EIGRP
Remote Management Protocol	SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
Features	DHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
Stacking	Stackable
Security Features	SSH, RADIUS, TACACS+
Management	CLI
Dimensions (H x W x D)	17.5 in
Operating Temperature	32 to 113 °F (0 to 45 °C)
Humidity	10 - 95% (non-condensing)