Chapter 8
Configuring 802.1X Port-Based Authentication
Supported Topologies
The 802.1X port-based authentication is supported in two topologies:
•
•
In a point-to-point configuration (see
802.1X-enabled switch port. The switch detects the client when the port link state changes to the up state.
If a client leaves or is replaced with another client, the switch changes the port link state to down, and
the port returns to the unauthorized state.
Figure 8-3
as a multiple-host port that becomes authorized as soon as one client is authenticated. When the port is
authorized, all other hosts indirectly attached to the port are granted access to the network. If the port
becomes unauthorized (re-authentication fails or an EAPOL-logoff message is received), the switch
denies access to the network to all of the attached clients. In this topology, the wireless access point is
responsible for authenticating the clients attached to it, and the wireless access point acts as a client to
the switch.
Figure 8-3
Wireless clients
Configuring 802.1X Authentication
These sections describe how to configure 802.1X port-based authentication on your switch:
•
•
•
•
•
•
•
•
•
•
•
78-14982-01
Point-to-point
Wireless LAN
shows 802.1X port-based authentication in a wireless LAN. The 802.1X port is configured
Wireless LAN Example
Access point
Default 802.1X Configuration, page 8-6
Figure 8-1 on page
8-2), only one client can be connected to the
Catalyst 2950 or
3550 switch
(required)
(optional)
(optional)
(optional)
Catalyst 2950 Desktop Switch Software Configuration Guide
Configuring 802.1X Authentication
Authentication
server
(RADIUS)
(required)
(optional)
(optional)
(optional)
(optional)
8-5