10-18
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
You can configure a port to use only web authentication. You can also configure the port to first try to
use IEEE 802.1x authentication and then to use web authentication if the client does not support
IEEE 802.1x authentication.
Web authentication requires two Cisco Attribute-Value (AV) pair attributes:
• The first attribute, priv-lvl=15, must always be set to 15. This sets the privilege level of the user
who is logging into the switch.
• The second attribute is an access list to be applied for web authenticated hosts. The syntax is similar
to IEEE 802.1X per-user ACLs. However, instead of ip:inacl, this attribute must begin with
proxyacl, and the source field in each entry must be any. (After authentication, the client IP
address replaces the any field when the ACL is applied.)
For example:
proxyacl# 10=permit ip any 10.0.0.0 255.0.0.0
proxyacl# 20=permit ip any 11.1.0.0 255.255.0.0
proxyacl# 30=permit udp any any eq syslog
proxyacl# 40=permit udp any any eq tftp
Note The proxyacl entry determines the type of allowed network access.
For more information, see the “Configuring Web Authentication” section on page 10-38.
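The two AV-pair requirements above can be checked before a profile is pushed to the RADIUS server. The following Python check is an added example, not part of the Cisco guide: the function names, the constructed client address 192.0.2.25, and the rendering of the substituted source as "host <address>" are assumptions made for illustration.

```python
import ipaddress
import re

# "proxyacl#<seq>=<entry>"; whitespace after "#" is tolerated, as printed above.
PROXYACL = re.compile(r"^proxyacl#\s*(\d+)=(.+)$")

# Constructed profile: the page's four entries plus the required privilege level.
SAMPLE = [
    "priv-lvl=15",
    "proxyacl# 10=permit ip any 10.0.0.0 255.0.0.0",
    "proxyacl# 20=permit ip any 11.1.0.0 255.255.0.0",
    "proxyacl# 30=permit udp any any eq syslog",
    "proxyacl# 40=permit udp any any eq tftp",
]

def check_avpairs(avpairs):
    """Return a list of problems; an empty list means both requirements are met."""
    problems, has_priv, has_acl = [], False, False
    for pair in (p.strip() for p in avpairs):
        if pair.startswith("priv-lvl="):
            has_priv = True
            if pair != "priv-lvl=15":
                problems.append(f"{pair}: privilege level must be 15")
        elif pair.startswith("ip:inacl"):
            problems.append(f"{pair}: web authentication expects proxyacl, not ip:inacl")
        elif (m := PROXYACL.match(pair)):
            has_acl = True
            fields = m.group(2).split()  # <action> <protocol> <source> <destination...>
            if len(fields) < 4 or fields[2] != "any":
                problems.append(f"{pair}: source field must be any")
        else:
            problems.append(f"{pair}: unrecognized attribute")
    if not has_priv:
        problems.append("priv-lvl=15 is missing")
    if not has_acl:
        problems.append("no proxyacl entry present")
    return problems

def apply_for_client(avpairs, client_ip):
    """Return the entries in sequence order with the source any replaced."""
    ip = str(ipaddress.ip_address(client_ip))  # raises ValueError on a bad address
    applied = []
    for pair in avpairs:
        m = PROXYACL.match(pair.strip())
        fields = m.group(2).split() if m else []
        if len(fields) >= 4 and fields[2] == "any":
            fields[2:3] = ["host", ip]  # assumed rendering of the substituted source
            applied.append((int(m.group(1)), " ".join(fields)))
    return [entry for _, entry in sorted(applied)]
```

Only the source field is rewritten, so a destination of any (as in the syslog and tftp entries) stays unrestricted after the ACL is applied.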
Web Authentication with Automatic MAC Check
You can use web authentication with automatic MAC check to authenticate a client that does not support
IEEE 802.1x or web browser functionality. This allows end hosts, such as printers, to automatically
authenticate by using the MAC address without any additional required configuration.
Web authentication with automatic MAC check only works in web authentication standalone mode. You
cannot use this if web authentication is configured as a fallback to IEEE 802.1x authentication.
The MAC address of the device must be configured in the Access Control Server (ACS) for the automatic
MAC check to succeed. The automatic MAC check allows managed devices, such as printers, to skip
web authentication.
Note The interoperability of web authentication (with automatic MAC check) and IEEE 802.1x MAC
authentication configured on different ports of the same switch is not supported.
Configuring IEEE 802.1x Authentication
These sections contain this configuration information:
• Default IEEE 802.1x Authentication Configuration, page 10-19
• IEEE 802.1x Authentication Configuration Guidelines, page 10-20
• Configuring 802.1x Readiness Check, page 10-22 (optional)
• Configuring IEEE 802.1x Authentication, page 10-23 (optional)
• Configuring the Switch-to-RADIUS-Server Communication, page 10-24 (required)
• Configuring the Host Mode, page 10-26 (optional)
• Configuring Periodic Re-Authentication, page 10-26 (optional)