C H A P T E R 44 Configuring 802.1X Port-Based Authentication - Cisco Catalyst 4500 Series Configuration Manual
Release ios xe 3.3.0sg and ios 15.1(1)sg
Hide thumbs
Also See for Catalyst 4500 Series:
- Software configuration manual (2086 pages) ,
- Administration manual (1814 pages) ,
- Configuration manual (1254 pages)
Table of Contents
Advertisement
About 802.1X Port-Based Authentication
802.1X support requires an authentication server that is configured for Remote Authentication Dial-In
Note
User Service (RADIUS). 802.1X authentication does not work unless the network access switch can
route packets to the configured RADIUS server. To verify that the switch can route packets, you must
ping the server from the switch.
Until a client is authenticated, only Extensible Authentication Protocol over LAN (EAPOL) traffic is
allowed using the port to which the client is connected. After authentication succeeds, normal traffic can
pass using the port.
To configure 802.1X port-based authentication, you need to understand the concepts in these sections:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Device Roles
With 802.1X port-based authentication, network devices have specific roles.
of each device, which is described below.
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
44-2
Device Roles, page 44-2
802.1X and Network Access Control, page 44-3
Authentication Initiation and Message Exchange, page 44-4
Ports in Authorized and Unauthorized States, page 44-5
802.1X Host Mode, page 44-6
802.1X Violation Mode, page 44-8
Using MAC Move, page 44-9
Using MAC Replace, page 44-9
Using 802.1X with VLAN Assignment, page 44-10
Using 802.1X for Guest VLANs, page 44-11
Using 802.1X with MAC Authentication Bypass, page 44-12
Using 802.1X with Web-Based Authentication, page 44-14
Using 802.1X with Inaccessible Authentication Bypass, page 44-14
Using 802.1X with Unidirectional Controlled Port, page 44-15
Using 802.1X with VLAN User Distribution, page 44-16
Using 802.1X with Authentication Failed VLAN Assignment, page 44-17
Using 802.1X with Port Security, page 44-19
Using 802.1X Authentication with ACL Assignments and Redirect URLs, page 44-20
Using 802.1X with RADIUS-Provided Session Timeouts, page 44-21
Using 802.1X with Voice VLAN Ports, page 44-22
Using Multiple Domain Authentication and Multiple Authentication, page 44-22
802.1X Supplicant and Authenticator Switches with Network Edge Access Topology, page 44-24
How 802.1X Fails on a Port, page 44-25
Supported Topologies, page 44-25
Chapter 44
Configuring 802.1X Port-Based Authentication
Figure 44-1
shows the role
OL-25340-01
- Quick Links:
- Resetting a Switch to Factory Default...
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
