49-77
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Figure 49-16 User Set Up
Note The procedure is the same for voice devices except that the AAA server must be configured to send a
Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice.
Enabling Fallback Authentication
On a port in multiauthentication mode, either or both of MAB and web-based authentication can be configured as fallback
authentication methods for non-802.1X hosts (those that do not respond to EAPOL). You can configure the order and priority
of the authentication methods.
For detailed configuration information for MAB, see the “Configuring 802.1X with MAC Authentication Bypass” section on
page 49-60.
For detailed configuration information for web-based authentication, see Chapter 52, “Configuring Web-Based
Authentication.”
Note When web-based authentication and other authentication methods are configured on an MDA or
multiauthentication port, downloadable ACL policies must be configured for all devices attached to that
port.
To enable fallback authentication, perform this task:
Command Purpose
Step 1
Switch(config)# ip admission name rule-name proxy
http
Configures an authentication rule for web-based
authentication.
Step 2
Switch(config)# fallback profile profile-name
Creates a fallback profile for web-based authentication.
To Next Page
Loading...
