Upgrading From A Previous Software Release - Cisco Catalyst 2950 Software Configuration Manual

Chapter 9
Configuring IEEE 802.1x Port-Based Authentication

Upgrading from a Previous Software Release

In Cisco IOS Release 12.1(14)EA1, the implementation for IEEE 802.1x changed from the previous release. Some global configuration commands became interface configuration commands, and new commands were added.

If you have IEEE 802.1x configured on the switch and you upgrade to Cisco IOS Release 12.1(14)EA1 or later, the configuration file will not contain the new commands, and IEEE 802.1x will not operate. After the upgrade is complete, make sure to globally enable IEEE 802.1x by using the dot1x system-auth-control global configuration command. If IEEE 802.1x was running in multiple-hosts mode on an interface in the previous release, make sure to reconfigure it by using the dot1x host-mode multi-host interface configuration command.

IEEE Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) destination ports—You can enable IEEE 802.1x on a port that is a SPAN destination, an RSPAN destination, or an RSPAN reflector port. However, IEEE 802.1x is disabled until the port is removed as a SPAN destination, an RSPAN destination, or an RSPAN reflector port. You can enable IEEE 802.1x on a SPAN or RSPAN source port.

LRE switch ports—802.1x is not supported on an LRE switch interface that is connected to a Cisco 585 LRE CPE device.

You can configure any VLAN, except an RSPAN VLAN or a voice VLAN, as an IEEE 802.1x guest VLAN. The guest VLAN feature is not supported on trunk ports; it is supported only on access ports.

When IEEE 802.1x is enabled on a port, you cannot configure a port VLAN that is equal to a voice VLAN.

The IEEE 802.1x with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment through a VMPS.

Before globally enabling IEEE 802.1x on a switch by entering the dot1x system-auth-control global configuration command, remove the EtherChannel configuration from the interfaces on which IEEE 802.1x and EtherChannel are configured.

If you are using a device running the Cisco Access Control Server (ACS) application for IEEE 802.1x authentication with EAP-Transport Layer Security (TLS) and EAP-MD5 and your switch is running Cisco IOS Release 12.1(14)EA1, make sure that the device is running ACS Version 3.2.1 or later.

After you configure a guest VLAN for an IEEE 802.1x port to which a DHCP client is connected, you might need to get a host IP address from a DHCP server. You can also change the settings for restarting the IEEE 802.1x authentication process on the switch before the DHCP process on the client times out and tries to get a host IP address from the DHCP server. Decrease the settings for the IEEE 802.1x authentication process (IEEE 802.1x quiet period and switch-to-client transmission time).

When a PC is attached to a switch through a hub, is authenticated on an IEEE 802.1x multiple-hosts port, is moved to another port, and is then attached through another hub, the switch does not authenticate the PC. The workaround is to decrease the number of seconds between re-authentication attempts by entering the dot1x timeout reauth-period seconds interface configuration command.
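
An offline check for the upgrade step and the guidelines above, as an added example that is not from the Cisco manual: it scans a saved configuration for 802.1x ports without the global dot1x system-auth-control command, for multiple-hosts ports that still need dot1x host-mode multi-host, and for the EtherChannel and trunk-port guest-VLAN conflicts. The function names are hypothetical, and dot1x port-control auto, dot1x guest-vlan, channel-group, switchport mode trunk and the legacy dot1x multiple-hosts form are standard IOS commands assumed here rather than taken from this page.

```python
def parse_ios_config(text):
    global_cmds, ports, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank lines and "!" separators
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif line[0].isspace() and current is not None:
            ports[current].append(line.strip())
        else:
            current = None                # back at global level
            global_cmds.append(line.strip())
    return global_cmds, ports

def audit_dot1x(text):
    """Return (scope, finding) tuples for the upgrade and guideline checks."""
    global_cmds, ports = parse_ios_config(text)
    has = lambda cmds, prefix: any(c.startswith(prefix) for c in cmds)
    dot1x_ports = {n: c for n, c in ports.items() if has(c, "dot1x ")}
    findings = []
    if dot1x_ports and "dot1x system-auth-control" not in global_cmds:
        findings.append(("global", "dot1x system-auth-control missing"))
    for name, cmds in dot1x_ports.items():
        # Assumption: "dot1x multiple-hosts" is the pre-12.1(14)EA1 interface form.
        if "dot1x multiple-hosts" in cmds and "dot1x host-mode multi-host" not in cmds:
            findings.append((name, "add dot1x host-mode multi-host"))
        if has(cmds, "channel-group "):
            findings.append((name, "EtherChannel on 802.1x port"))
        if "switchport mode trunk" in cmds and has(cmds, "dot1x guest-vlan "):
            findings.append((name, "guest VLAN on trunk port"))
    return findings

# Constructed sample (not from the manual): config carried over from an older release.
SAMPLE = """\
interface FastEthernet0/1
 dot1x port-control auto
 dot1x multiple-hosts
!
interface FastEthernet0/2
 switchport mode trunk
 dot1x port-control auto
 dot1x guest-vlan 20
interface FastEthernet0/3
 channel-group 1 mode on
 dot1x port-control auto
"""
print(*audit_dot1x(SAMPLE), sep="\n")
```
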
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Configuring IEEE 802.1x Authentication