31-11
Software Configuration Guide—Release 12.2(25)EW
OL-6696-01
Chapter 31 Understanding and Configuring 802.1X Port-Based Authentication
Figure 31-4 illustrates 802.1X port-based authentication in a wireless LAN. You must configure the
802.1X port as a multiple-host port that is authorized as a wireless access point once the client is
authenticated. (See the “Enabling Multiple Hosts” section on page 31-21.) When the port is authorized,
all other hosts that are indirectly attached to the port are granted access to the network. If the port
becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), the switch
denies access to the network for all wireless access point-attached clients. In this topology, the wireless
access point is responsible for authenticating clients attached to it, and the wireless access point acts as
a client to the switch.
Figure 31-4 Wireless LAN Example
How to Configure 802.1X
These sections describe how to configure 802.1X:
• Default 802.1X Configuration, page 31-12
• 802.1X Configuration Guidelines, page 31-13
• Enabling 802.1X Authentication, page 31-13 (required)
• Configuring Switch-to-RADIUS-Server Communication, page 31-15 (required)
• Enabling 802.1X Accounting, page 31-16
• Configuring 802.1X with Guest VLANs, page 31-17
• Configuring 802.1X with Voice VLAN, page 31-18
• Enabling Periodic Reauthentication, page 31-18 (optional)
• Manually Reauthenticating a Client Connected to a Port, page 31-19 (optional)
• Changing the Quiet Period, page 31-19 (optional)
• Changing the Switch-to-Client Retransmission Time, page 31-20 (optional)
• Setting the Switch-to-Client Frame-Retransmission Number, page 31-21 (optional)
• Enabling Multiple Hosts, page 31-21 (optional)
• Resetting the 802.1X Configuration to the Default Values, page 31-22 (optional)
[Figure 31-4 labels: Wireless clients; Wireless access point; Catalyst 4500 Network Access Switch; RADIUS. Role labels: Supplicants; Authenticator; Authentication server.]