Cisco Catalyst 3750-E - Page 316

Cisco Catalyst 3750-E

1414 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

10-32

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

OL-9775-08

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Understanding IEEE 802.1x Port-Based Authentication

Figure 10-6 Authenticator and Supplicant Switch using CISP

Guidelines

• You can configure NEAT ports with the same configurations as the other authentication ports. When

the supplicant switch authenticates, the port mode is changed from access to trunk based on the

switch vendor-specific attributes (VSAs). (

device-traffic-class=switch).

• The VSA changes the authenticator switch port mode from access to trunk and enables 802.1x trunk

encapsulation and the access VLAN if any would be converted to a native trunk VLAN. VSA does

not change any of the port configurations on the supplicant

• To change the host mode and the apply a standard port configuration on the authenticator switch

port, you can also use Auto Smartports user-defined macros, instead of the switch VSA. This allows

you to remove unsupported configurations on the authenticator switch port and to change the port

mode from access to trunk. For Auto Smartports macros, Auto Smartports Macros Configuration

Guide and Release Notes for Auto Smartports Macros.

For more information, see the “C

onfiguring an Authenticator and a Supplicant Switch with NEAT”

section on page 10-60.

Voice Aware 802.1x Security

You use the voice aware 802.1x security feature to configure the switch to disable only the VLAN on

which a security violation occurs, whether it is a data or voice VLAN. In previous releases, when an

attempt to authenticate the data client caused a security violation, the entire port shut down, resulting in

a complete loss of connectivity.

You can use this feature in IP phone deployments where a PC is connected to the IP phone. A security

vi

olation found on the data VLAN results in the shutdown of only the data VLAN. The traffic on the

voice VLAN flows through the switch without interruption.

For information on configuring voice aware 802.1x security, see the “

Configuring Voice Aware 802.1x

Security” section on page 10-39.

1 Workstations (clients) 2 Supplicant switch (outside wiring closet)

3 Authenticator switch 4 Access control server (ACS)

5 Trunk port

205718

1

2 3

5

4

Table of Contents

Other manuals for Cisco Catalyst 3750-E

Getting Started Guide26 pages

Related product manuals

Preview: Cisco Catalyst 3750

Cisco Catalyst 3750

Preview: Cisco Catalyst 3750-X

Cisco Catalyst 3750-X

Preview: Cisco Catalyst 3750 Metro

Cisco Catalyst 3750 Metro

Cisco Catalyst 3750-E Series

Preview: Cisco Catalyst 3750-X Series

Cisco Catalyst 3750-X Series

Preview: Cisco Catalyst 3750G

Cisco Catalyst 3750G

3750G-12S - Catalyst Switch - Stackable

Preview: Cisco Catalyst 3560

Cisco Catalyst 3560

Preview: Cisco Catalyst 3850

Cisco Catalyst 3850

Preview: Cisco Catalyst 3650

Cisco Catalyst 3650

Preview: Cisco Catalyst 3550

Cisco Catalyst 3550

Preview: Cisco Catalyst 3850 series

Cisco Catalyst 3850 series