Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Enabling Fallback Authentication
On a port in multiauthentication mode, either or both of MAB and web-based authentication can be
configured as fallback authentication methods for non-802.1X hosts (those that do not respond to
EAPOL). You can configure the order and priority of the authentication methods.
For detailed configuration information for MAB, see the “Configuring 802.1X with MAC
Authentication Bypass” section on page 46-62.
For detailed configuration information for web-based authentication, see Chapter 48, “Configuring
Web-Based Authentication.”
Note: When web-based authentication and other authentication methods are configured on an MDA or
multiauthentication port, downloadable ACL policies must be configured for all devices attached to that
port.
To enable fallback authentication, perform this task:
Step 1
  Command: Switch(config)# ip admission name rule-name proxy http
  Purpose: Configures an authentication rule for web-based authentication.
Step 2
  Command: Switch(config)# fallback profile profile-name
  Purpose: Creates a fallback profile for web-based authentication.
Step 3
  Command: Switch(config-fallback-profile)# ip access-group rule-name in
  Purpose: Specifies the default ACL to apply to network traffic before web-based authentication.
Step 4
  Command: Switch(config-fallback-profile)# ip admission name rule-name
  Purpose: Associates an IP admission rule with the profile and specifies that a client connecting
  by web-based authentication uses this rule.
Step 5
  Command: Switch(config-fallback-profile)# exit
  Purpose: Returns to global configuration mode.
Step 6
  Command: Switch(config)# interface type slot/port
  Purpose: Specifies the port to be configured and enters interface configuration mode.
  type = fastethernet, gigabitethernet, or tengigabitethernet
Step 7
  Command (Cisco IOS Release 12.2(50)SG and later): Switch(config-if)# authentication port-control auto
  Command (Cisco IOS Release 12.2(46)SG or earlier releases): Switch(config-if)# dot1x port-control auto
  Purpose: Enables authentication on the port.
Step 8
  Command: Switch(config-if)# authentication order method1 [method2] [method3]
  Purpose: (Optional) Specifies the fallback order of authentication methods to be used. The three
  values of method, in the default order, are dot1x, mab, and webauth. The specified order also
  determines the relative priority of the methods for reauthentication (highest to lowest).
Step 9
  Command: Switch(config-if)# authentication priority method1 [method2] [method3]
  Purpose: (Optional) Overrides the relative priority of authentication methods to be used. The three
  values of method, in the default order of priority, are dot1x, mab, and webauth.
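The following audit of the objects that Steps 1 through 9 create is an added example, not Cisco's code. It assumes running-config-style text in which sub-mode commands are indented, and every name in SAMPLE is hypothetical. It reports fallback profiles whose admission rule or default ACL is missing and computes each port's effective method priority.

```python
import re

METHODS = ["dot1x", "mab", "webauth"]  # default order of the three methods
SAMPLE = """\
ip admission name WEBAUTH-RULE proxy http
fallback profile GUEST-FALLBACK
 ip admission name WEBAUTH-TYPO
interface GigabitEthernet3/1
 authentication port-control auto
 authentication order mab dot1x webauth
interface GigabitEthernet3/2
 authentication order mab dot1x webauth
 authentication priority dot1x mab webauth
"""  # constructed input; every name in it is hypothetical

def audit(config):
    """Assumes sub-mode commands are indented; returns (priority per port, findings)."""
    rules, profiles, ports, findings, block = set(), {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # unindented: global configuration command
            block = None
            if m := re.fullmatch(r"ip admission name (\S+) proxy http", line):
                rules.add(m[1])                                    # Step 1
            elif m := re.fullmatch(r"fallback profile (\S+)", line):
                block = profiles.setdefault(m[1], {})              # Step 2
            elif m := re.fullmatch(r"interface (.+)", line):
                block = ports.setdefault(m[1], {})                 # Step 6
        elif block is not None:
            if m := re.fullmatch(r"ip access-group (\S+) in", line):
                block["acl"] = m[1]                                # Step 3
            elif m := re.fullmatch(r"ip admission name (\S+)", line):
                block["rule"] = m[1]                               # Step 4
            elif line in ("authentication port-control auto", "dot1x port-control auto"):
                block["auto"] = True                               # Step 7
            elif m := re.fullmatch(r"authentication (order|priority) (.+)", line):
                block[m[1]] = m[2].split()                         # Steps 8 and 9
    for name, p in profiles.items():
        if "acl" not in p:
            findings.append(f"{name}: no default ACL before web-based authentication")
        if p.get("rule") not in rules:
            findings.append(f"{name}: admission rule {p.get('rule')} is not defined")
    effective = {}
    for name, p in ports.items():
        if ("order" in p or "priority" in p) and not p.get("auto"):
            findings.append(f"{name}: methods are set but authentication is not enabled")
        # A configured priority overrides the priority implied by the order.
        effective[name] = p.get("priority") or p.get("order") or list(METHODS)
    return effective, findings
```

On GigabitEthernet3/1 the order alone puts mab ahead of dot1x for reauthentication priority; on GigabitEthernet3/2 the explicit priority line restores dot1x as highest while the fallback order stays unchanged.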