EasyManuals Logo
Home>Cisco>Switch>Catalyst 2960-X

Cisco Catalyst 2960-X User Manual

Cisco Catalyst 2960-X
498 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #288 background imageLoading...
Page #288 background image
TACACS is not supported with 802.1x authentication.Note
Until the client is authenticated, 802.1x access control allows only Extensible Authentication Protocol over
LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port
to which the client is connected. After authentication is successful, normal traffic can pass through the port.
For complete syntax and usage information for the commands used in this chapter, see the RADIUS
Commands section in the Cisco IOS Security Command Reference, Release 3SE
Note
Port-Based Authentication Process
To configure IEEE 802.1X port-based authentication, you must enable authentication, authorization, and
accounting (AAA) and specify the authentication method list. A method list describes the sequence and
authentication method to be queried to authenticate a user.
The AAA process begins with authentication. When 802.1x port-based authentication is enabled and the client
supports 802.1x-compliant client software, these events occur:
If the client identity is valid and the 802.1x authentication succeeds, the switch grants the client access
to the network.
If 802.1x authentication times out while waiting for an EAPOL message exchange and MAC
authentication bypass is enabled, the switch can use the client MAC address for authorization. If the
client MAC address is valid and the authorization succeeds, the switch grants the client access to the
network. If the client MAC address is invalid and the authorization fails, the switch assigns the client
to a guest VLAN that provides limited services if a guest VLAN is configured.
If the switch gets an invalid identity from an 802.1x-capable client and a restricted VLAN is specified,
the switch can assign the client to a restricted VLAN that provides limited services.
If the RADIUS authentication server is unavailable (down) and inaccessible authentication bypass is
enabled, the switch grants the client access to the network by putting the port in the critical-authentication
state in the RADIUS-configured or the user-specified access VLAN.
Inaccessible authentication bypass is also referred to as critical authentication or the
AAA fail policy.
Note
If Multi Domain Authentication (MDA) is enabled on a port, this flow can be used with some exceptions that
are applicable to voice authorization.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
264 OL-29048-01
Configuring IEEE 802.1x Port-Based Authentication
Port-Based Authentication Process

Table of Contents

Other manuals for Cisco Catalyst 2960-X

Preview: Command Reference
Command Reference134 pages
Preview: Hardware Installation Guide
Hardware Installation Guide102 pages
Preview: Configuration Guide
Configuration Guide118 pages
Preview: Getting Started Guide
Getting Started Guide26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2960-X and is the answer not in the manual?

Cisco Catalyst 2960-X Specifications

General IconGeneral
Console portRJ-45
USB 2.0 ports quantity2
SFP module slots quantity4
Installed SFP modules quantity-
Gigabit Ethernet (copper) ports quantity48
Basic switching RJ-45 Ethernet ports typeGigabit Ethernet (10/100/1000)
Power sourceAC
Input current5 A
AC input voltage100 - 240 V
Power consumption (typical)60.9 W
Number of power supply units1
Redundant power supply (RPS) supportYes
Operating altitude0 - 3000 m
Non-operating altitude0 - 4000 m
Storage temperature (T-T)-25 - 70 °C
Operating temperature (T-T)-5 - 40 °C
Operating relative humidity (H-H)10 - 95 %
Switching protocolsUDP, TCP, RADIUS/TACACS+
Number of VLANs1023
Networking standardsIEEE 802.1ab, IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q, IEEE 802.1s, IEEE 802.1w, IEEE 802.1x, IEEE 802.3, IEEE 802.3ab, IEEE 802.3ad, IEEE 802.3ae, IEEE 802.3af, IEEE 802.3ah, IEEE 802.3at, IEEE 802.3az, IEEE 802.3u, IEEE 802.3x, IEEE 802.3z
Throughput107.1 Mpps
Jumbo frames9216
Number of queues8
MAC address table16000 entries
Number of static routes1000
DHCP featuresDHCP server
AuthenticationMAC-based authentication, Port-based authentication
Security algorithms802.1x RADIUS, SNMP, SSH
Access Control List (ACL) rules3
Switch typeManaged
Switch layerL2/L3
SafetyUL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1
Form factor1U
Product colorBlack
Total Power over Ethernet (PoE) budget370 W
Power over Ethernet (PoE) ports quantity24
Power over Ethernet plus (PoE+) ports quantity12
Memory typeDRAM
Noise level39 dB
Flash memory128 MB
Internal memory512 MB
Processor frequency600 MHz
Mean time between failures (MTBF)276870 h
Weight and Dimensions IconWeight and Dimensions
Depth368 mm
Width445 mm
Height45 mm
Weight5800 g

Related product manuals