Software Configuration Guide—Release 12.2(25)EW
OL-6696-01
CHAPTER 31
Understanding and Configuring 802.1X Port-Based Authentication
This chapter describes how to configure IEEE 802.1X port-based authentication to prevent unauthorized
client devices from gaining access to the network.
This chapter includes the following major sections:
• Understanding 802.1X Port-Based Authentication
• How to Configure 802.1X
• Displaying 802.1X Statistics and Status
Note: For complete syntax and usage information for the switch commands used in this chapter, refer to the
Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm.
Understanding 802.1X Port-Based Authentication
To configure 802.1X port-based authentication, you need to understand the concepts in these sections:
• Device Roles
• Authentication Initiation and Message Exchange
• Ports in Authorized and Unauthorized States
• Using 802.1X with VLAN Assignment
• Using 802.1X Authentication for Guest VLANs
• Using 802.1X with Port Security
• 802.1X RADIUS Accounting
• Using 802.1X with Voice VLAN Ports
• Supported Topologies
Note: 802.1X support requires an authentication server that is configured for Remote Authentication Dial-In
User Service (RADIUS). 802.1X authentication does not work unless the network access switch can
route packets to the configured authentication RADIUS server. To verify that the switch can route
packets, you must ping the server from the switch.