200
Configuring IEEE 802.1x Port-Based Authentication
Information About Configuring IEEE 802.1x Port-Based Authentication
802.1x Accounting Attribute-Value Pairs
The information sent to the RADIUS server is represented in the form of Attribute-Value (AV) pairs. These AV pairs
provide data for different applications. (For example, a billing application might require information that is in the
Acct-Input-Octets or the Acct-Output-Octets attributes of a RADIUS packet.)
AV pairs are automatically sent by a switch that is configured for 802.1x accounting. Three types of RADIUS accounting
packets are sent by a switch:
START—Sent when a new user session starts
INTERIM—Sent during an existing session for updates
STOP—Sent when a session terminates
You can view the AV pairs that are being sent by the switch by entering the debug radius accounting privileged EXEC
command.
For more information about AV pairs, see RFC 3580, “802.1x Remote Authentication Dial In User Service (RADIUS)
Usage Guidelines.”
802.1x Readiness Check
The 802.1x readiness check monitors 802.1x activity on all the switch ports and displays information about the devices
connected to the ports that support 802.1x. You can use this feature to determine if the devices connected to the switch
ports are 802.1x-capable. You use an alternate authentication such as MAC authentication bypass or web authentication
for the devices that do not support 802.1x functionality.
This feature only works if the supplicant on the client supports a query with the NOTIFY EAP notification packet. The client
must respond within the 802.1x timeout value.
Attribute Number AV Pair Name START INTERIM STOP
Attribute[1] User-Name Always Always Always
Attribute[4] NAS-IP-Address Always Always Always
Attribute[5] NAS-Port Always Always Always
Attribute[8] Framed-IP-Address Never Sometimes
1
1. The Framed-IP-Address AV pair is sent only if a valid Dynamic Host Control Protocol (DHCP) binding exists for the
host in the DHCP snooping bindings table.
Sometimes
1
Attribute[25] Class Always Always Always
Attribute[30] Called-Station-ID Always Always Always
Attribute[31] Calling-Station-ID Always Always Always
Attribute[40] Acct-Status-Type Always Always Always
Attribute[41] Acct-Delay-Time Always Always Always
Attribute[42] Acct-Input-Octets Never Always Always
Attribute[43] Acct-Output-Octets Never Always Always
Attribute[44] Acct-Session-ID Always Always Always
Attribute[45] Acct-Authentic Always Always Always
Attribute[46] Acct-Session-Time Never Always Always
Attribute[49] Acct-Terminate-Cause Never Never Always
Attribute[61] NAS-Port-Type Always Always Always
To Next Page
Loading...
Need help?
General
