EasyManua.ls Logo

Cisco WS-C6506

Cisco WS-C6506
1488 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
40-6
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 40 Configuring 802.1X Authentication
Understanding How 802.1X Authentication Works
Authentication Server
The frames that are exchanged between the authenticator and the authentication server are dependent on
the authentication mechanism, so they are not defined by 802.1X. You can use other protocols, but we
recommend that you use RADIUS for authentication, particularly when the authentication server is
located remotely, because RADIUS has extensions that support the encapsulation of EAP frames built
into it.
802.1X Parameters Configurable on the Switch
You can configure these 802.1X parameters on the switch:
Specify Force-Authorized, Force-Unauthorized, or Automatic 802.1X port control
Specify single authentication, multiple authentication, and multiple host authentication
Enable or disable system authentication control
Specify the quiet time interval
Specify the authenticator to host retransmission time interval
Specify the back-end authenticator to host retransmission time interval
Specify the back-end authenticator to authentication server retransmission time interval
Specify the number of frames that are retransmitted from the back-end authenticator to the host
Specify the automatic host reauthentication time interval
Specify the port shutdown timeout period after a security violation
Enable or disable automatic host reauthentication
In Flow control only on incoming frames in an unauthorized switch port.
Port Single point of attachment to the LAN infrastructure (for example,
MAC bridge ports).
PAE Port access entity protocol object that is associated with a specific
system port.
PDU Protocol data unit.
RADIUS Remote Access Dial-In User Service.
Supplicant
3
PAE Entity that requests access to the LAN/switch services and responds
to the information requests from the authenticator.
Unauthorized state Status of the port before the supplicant PAE is authorized.
Uncontrolled port Unsecured access point that allows the uncontrolled exchange of
PDUs.
1. PAE = port access entity
2. EAPOL = Extensible Authorization Protocol over LAN
3. 802.1X uses the term supplicant for client or host. This publication uses host instead of supplicant because host is used in the
Catalyst 6500 series CLI syntax.
Table 40-1 802.1X Terminology (continued)
Term Definition

Table of Contents

Related product manuals