EasyManuals Logo
Home>Cisco>Network Router>7609

Cisco 7609 User Manual

Cisco 7609
572 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #357 background imageLoading...
Page #357 background image
25-3
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter 25 Configuring IEEE 802.1X Port-Based Authentication
Understanding 802.1X Port-Based Authentication
Authentication Initiation and Message Exchange
The router or the client can initiate authentication. If you enable authentication on a port by using the
dot1x port-control auto interface configuration command, the router must initiate authentication when
it determines that the port link state transitions from down to up. The router then sends an
EAP-request/identity frame to the client to request its identity (typically, the router sends an initial
identity/request frame followed by one or more requests for authentication information). When the client
receives the frame, it responds with an EAP-response/identity frame.
If the client does not receive an EAP-request/identity frame from the router during bootup, the client can
initiate authentication by sending an EAPOL-start frame, which prompts the router to request the clients
identity.
Note If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the client
are dropped. If the client does not receive an EAP-request/identity frame after three attempts to start
authentication, the client transmits frames as if the port is in the authorized state. A port in the authorized
state effectively means that the client has been successfully authenticated. For more information, see the
Ports in Authorized and Unauthorized States section on page 25-4.
When the client supplies its identity, the router begins its role as the intermediary, passing EAP frames
between the client and the authentication server until authentication succeeds or fails. If the
authentication succeeds, the router port becomes authorized. For more information, see the Ports in
Authorized and Unauthorized States section on page 25-4.
The specific exchange of EAP frames depends on the authentication method being used. Figure 25-2
shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication
method with a RADIUS server.
Figure 25-2 Message Exchange
Client
Catalyst switch
or
Cisco Router
Port Authorized
Port Unauthorized
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/OTP
EAP-Response/OTP
EAP-Success
RADIUS Access-Request
RADIUS Access-Challenge
RADIUS Access-Request
RADIUS Access-Accept
EAPOL-Logoff
Authentication
server
(RADIUS)
79551

Table of Contents

Other manuals for Cisco 7609

Preview: Datasheet
Datasheet5 pages
Preview: Frequently Asked Questions
Frequently Asked Questions5 pages
Preview: Installing
Installing22 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 7609 and is the answer not in the manual?

Cisco 7609 Specifications

General IconGeneral
BrandCisco
Model7609
CategoryNetwork Router
LanguageEnglish

Related product manuals