Table of Contents
Advertisement
Chapter 1
Overview
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
•
access to the network. These features are supported:
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
MAC authentication bypass to authorize clients based on the client MAC address.
•
"Configuring NAC Layer 2 802.1x Validation" section on page
•
(NAC) features:
–
–
OL-13270-06
Multidomain authentication (MDA) to allow both a data device and a voice device, such as an
IP phone (Cisco or non-Cisco), to independently authenticate on the same IEEE 802.1x-enabled
switch port
VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
Support for VLAN assignment on a port configured for multi-auth mode. The RADIUS server
assigns a VLAN to the first host to authenticate on the port, and subsequent hosts use the same
VLAN. Voice VLAN assignment is supported for one IP phone
Port security for controlling access to IEEE 802.1x ports
Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port
IP phone detection enhancement to detect and recognize a Cisco IP phone
Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
Restricted VLAN to provide limited services to users who are IEEE 802.1x compliant, but do
not have the credentials to authenticate via the standard IEEE 802.1x processes
IEEE 802.1x accounting to track network usage
IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt
of a specific Ethernet frame
Voice aware IEEE 802.1x and MAC authentication bypass (MAB) security violation to shut
down only the data VLAN on a port when a security violation occurs
IEEE 802.1x readiness check to determine the readiness of connected end hosts before
configuring IEEE 802.1x on the switch
Network Edge Access Topology (NEAT) with 802.1x switch supplicant, host authorization with
Client Information Signalling Protocol (CISP), and auto enablement to authenticate a switch
outside a wiring closet as a supplicant to another switch
IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL
downloads from a Cisco Secure ACS server to an authenticated switch
Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled
port.
NAC Layer 2 IEEE 802.1x validation of the antivirus condition or posture of endpoint systems
or clients before granting the devices network access.
For information about configuring NAC Layer 2 IEEE 802.1x validation, see the
NAC Layer 2 802.1x Validation" section on page
NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the
devices network access.
For information about configuring NAC Layer 2 IP validation, see the Network Admission
Control Software Configuration Guide.
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
9-58Network Admission Control
9-58.
Features
"Configuring
1-11
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
