1-36
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Figure 1-7 Device Sensor and Clients
Client notifications and accounting messages that contain profiling data and other session-related data
are generated and sent to the internal clients and the ISE. By default, client notifications and accounting
events are generated only when an incoming packet includes a Type-Length-Value (TLV) that has not
previously been received within a given access session. You can enable client notifications and
accounting events for TLV changes; that is, when a previously received TLV is received with a different
value.
Device Sensor port security protects the switch from consuming memory and failing during deliberate
or unintentional denial-of-service (DoS)-type attacks.
Guidelines
• Device Sensor limits the maximum number of device monitoring sessions to 32 per port.
• If hosts show no activity, the session age limit is 12 hours.
• The length of one TLV must not be more than 1024 and the total length of TLVs (combined length
of TLVs) of all protocols must not be more than 4096.
• Device Sensor profiles devices that are only one hop away.
• Only CDP, LLDP, and DHCP protocols are supported.
• To troubleshoot Device Sensor, use the debug device-sensor and the debug authentication all
privileged EXEC commands.
For more information, see the “Configuring Device Sensor” section on page 1-54.
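The notification rule and the length guidelines above can be modeled in a few lines. This is an added example, not code from Cisco or from this guide. The class and function names, the "outside-limits" labels, and the choice to measure length on the TLV value bytes are assumptions, and the page does not say what the switch does with a TLV that exceeds a limit.

```python
# Added illustration: a model of the rule described above, not Cisco code.
from dataclasses import dataclass, field

MAX_TLV_LEN = 1024         # per-TLV limit from the Guidelines
MAX_TOTAL_TLV_LEN = 4096   # combined limit for all protocols
SUPPORTED = {"CDP", "LLDP", "DHCP"}

@dataclass
class AccessSession:
    notify_on_change: bool = False             # False models the default
    seen: dict = field(default_factory=dict)   # (protocol, tlv_type) -> value

    def observe(self, protocol: str, tlv_type: int, value: bytes) -> str:
        """Classify one incoming TLV as notify, suppress or outside-limits."""
        if protocol not in SUPPORTED:
            return "outside-limits:protocol"
        # Assumption: "length" is measured on the TLV value bytes.
        if len(value) > MAX_TLV_LEN:
            return "outside-limits:tlv-length"
        key = (protocol, tlv_type)
        prev = self.seen.get(key)
        total = sum(len(v) for v in self.seen.values())
        total += len(value) - (len(prev) if prev is not None else 0)
        if total > MAX_TOTAL_TLV_LEN:
            return "outside-limits:total-length"
        self.seen[key] = value
        if prev is None:
            return "notify"            # TLV not previously received
        if prev != value and self.notify_on_change:
            return "notify"            # TLV change, reporting enabled
        return "suppress"              # repeat, or change with default setting

def replay(events, notify_on_change=False):
    """Run constructed (protocol, tlv_type, value) events through one session."""
    session = AccessSession(notify_on_change=notify_on_change)
    return [session.observe(*e) for e in events]

# Constructed sample traffic for one host (values are made up).
SAMPLE = [
    ("CDP", 1, b"SEP001122334455"),
    ("CDP", 1, b"SEP001122334455"),   # exact repeat
    ("CDP", 1, b"SEP66778899AABB"),   # same TLV, new value
    ("DHCP", 60, b"MSFT 5.0"),
    ("LLDP", 5, b"x" * 1025),         # one byte over the per-TLV limit
    ("mDNS", 1, b"printer"),          # protocol the page does not list
]

if __name__ == "__main__":
    for mode in (False, True):
        print("changes reported:", mode, replay(SAMPLE, mode))
```

With the default setting, the third sample event is suppressed, so a profiler that relies on these notifications would not see a host change its CDP identity mid-session unless notifications for TLV changes are enabled.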