Cisco Catalyst 4500 Series Software Configuration Guide

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS is a distributed client/server system that secures networks against unauthorized access. RADIUS clients run on
supported Cisco routers and switches. Clients send authentication requests to a central RADIUS server, which contains all user
authentication and network service access information. The RADIUS host is normally a multiuser system running RADIUS
server software from Cisco (Cisco Secure Access Control Server Version 3.0), Livingston, Merit, Microsoft, or another
software provider. For more information, see the RADIUS server documentation.
Use RADIUS in these network environments that require access security:
• Networks with multiple-vendor access servers, each supporting RADIUS. For example, access servers from several
vendors use a single RADIUS server-based security database. In an IP-based network with multiple vendors’ access
servers, dial-in users are authenticated through a RADIUS server that has been customized to work with the Kerberos
security system.
• Turnkey network security environments in which applications support the RADIUS protocol, such as in an access
environment that uses a smart card access control system. In one case, RADIUS has been used with Enigma’s security
cards to validate users and to grant access to network resources.
• Networks already using RADIUS. You can add a Cisco switch containing a RADIUS client to the network. This might be
the first step when you make a transition to a TACACS+ server. See Figure 49-18 on page 49-96.
• Networks in which the user must access only a single service. Using RADIUS, you can control user access to a single host,
to a single utility such as Telnet, or to the network through a protocol such as IEEE 802.1X.
• Networks that require resource accounting. You can use RADIUS accounting independently of RADIUS authentication or
authorization. The RADIUS accounting functions allow data to be sent at the start and end of services, showing the amount
of resources (such as time, packets, bytes, and so forth) used during the session. An Internet service provider might use a
freeware-based version of RADIUS access control and accounting software to meet special security and billing needs.
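The accounting case above, as an added example that is not part of the Cisco guide: a Python sketch that encodes and validates RADIUS Accounting-Request packets and reads back the start/stop status and resource counters. The attribute numbers and the authenticator formula follow RFC 2866; the shared secret, user name and session ID are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code (RFC 2866)
STRINGS = {1: "User-Name", 44: "Acct-Session-Id"}
INTS = {40: "Acct-Status-Type", 42: "Acct-Input-Octets", 43: "Acct-Output-Octets",
        46: "Acct-Session-Time", 47: "Acct-Input-Packets", 48: "Acct-Output-Packets"}
TYPE_OF = {name: code for code, name in {**STRINGS, **INTS}.items()}

def authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_accounting_request(ident: int, secret: bytes, fields: dict) -> bytes:
    attrs = b""  # encoded the way a RADIUS client (the switch) would send it
    for name, value in fields.items():
        raw = value.encode() if isinstance(value, str) else struct.pack("!I", value)
        attrs += bytes([TYPE_OF[name], len(raw) + 2]) + raw
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + authenticator(header, attrs, secret) + attrs

def parse_accounting_request(packet: bytes, secret: bytes) -> dict:
    """Decode one Accounting-Request; raise ValueError if it is malformed or forged."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if packet[:1] != bytes([ACCOUNTING_REQUEST]) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:length]
    if not hmac.compare_digest(authenticator(packet[:4], attrs, secret), packet[4:20]):
        raise ValueError("authenticator mismatch: wrong shared secret or altered packet")
    record, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("attribute length runs outside the packet")
        atype, value = attrs[pos], attrs[pos + 2:pos + attrs[pos + 1]]
        if atype in STRINGS:
            record[STRINGS[atype]] = value.decode("utf-8", "replace")
        elif atype in INTS and len(value) == 4:
            record[INTS[atype]] = struct.unpack("!I", value)[0]
        pos += attrs[pos + 1]
    record["Acct-Status-Type"] = {1: "Start", 2: "Stop"}.get(record.get("Acct-Status-Type"), "Other")
    return record

# Constructed sample data: a made-up shared secret and one session's Start/Stop pair.
SECRET = b"example-shared-secret"
SESSION = {"User-Name": "alice", "Acct-Session-Id": "0000002A"}
START = build_accounting_request(1, SECRET, {**SESSION, "Acct-Status-Type": 1})
STOP = build_accounting_request(2, SECRET, {**SESSION, "Acct-Status-Type": 2,
    "Acct-Session-Time": 3600, "Acct-Input-Octets": 1048576, "Acct-Output-Octets": 52428800})
```

A record whose authenticator does not verify against the shared secret is rejected before any attribute is read, so usage figures are only taken from packets sent by a client that holds the secret.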
RADIUS is not suitable in these network security situations:
• Multiprotocol access environments. RADIUS does not support AppleTalk Remote Access (ARA), NetBIOS Frame Control
Protocol (NBFCP), NetWare Asynchronous Services Interface (NASI), or X.25 PAD connections.
• Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used
to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
Figure 49-18 Transitioning from RADIUS to TACACS+ Services
[Figure labels: Remote PC, Workstation, RADIUS servers (R1, R2), TACACS+ servers (T1, T2)]