EasyManuals Logo

Cisco Catalyst 4500 Series Software Configuration Guide

Cisco Catalyst 4500 Series
2086 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1377 background imageLoading...
Page #1377 background image
49-97
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Controlling Switch Access with RADIUS
RADIUS Operation
When a user attempts to log in and authenticate to a switch that is access controlled by a RADIUS server, these events occur:
1. The user is prompted to enter a username and password.
2. The username and encrypted password are sent over the network to the RADIUS server.
3. The user receives one of these responses from the RADIUS server:
a. ACCEPT—The user is authenticated.
b. REJECT—The user is either not authenticated and is prompted to re-enter the username and password, or access is
denied.
c. CHALLENGE—A challenge requires additional data from the user.
d. CHALLENGE PASSWORD—A response requests the user to select a new password.
The ACCEPT or REJECT response is bundled with additional data that is used for privileged EXEC or network authorization.
Users must first successfully complete RADIUS authentication before proceeding to RADIUS authorization, if it is enabled.
The additional data included with the ACCEPT or REJECT packets includes these items:
• Telnet, SSH, rlogin, or privileged EXEC services
• Connection parameters, including the host or client IP address, access list, and user timeouts
RADIUS Change of Authorization
This section provides an overview of the RADIUS interface including available primitives and how they are used during a
Change of Authorization (CoA).
• Overview, page 49-97
• Change-of-Authorization Requests, page 49-98
• CoA Request Response Code, page 49-99
• CoA Request Commands, page 49-100
• Session Reauthentication, page 49-100
• Displaying 802.1X Statistics and Status, page 49-123
Overview
A standard RADIUS interface is typically used in a pulled model where the request originates from a network attached device
and the response come from the queried servers. Catalyst switches support the RADIUS Change of Authorization (CoA)
extensions defined in RFC 5176 that are typically used in a pushed model and allow for the dynamic reconfiguring of sessions
from external authentication, authorization, and accounting (AAA) or policy servers.
The switch supports these per-session CoA requests:
• Session reauthentication
• Session termination
• Session termination with port shut down
• Session termination with port bounce
The RADIUS interface is enabled by default on Catalyst switches.

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General IconGeneral
SeriesCatalyst 4500 Series
CategorySwitch
Layer SupportLayer 2, Layer 3
Form FactorModular chassis
StackableNo
Chassis Slots3, 6, 7, 10
Power Supply OptionsAC, DC
RedundancyPower supply, Supervisor engine
Network ManagementCisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
FeaturesSecurity, QoS
Port DensityUp to 384 ports per chassis
Security Features802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine8-E

Related product manuals