EasyManuals Logo
Home>Cisco>Switch>Catalyst 2960-X

Cisco Catalyst 2960-X User Manual

Cisco Catalyst 2960-X
498 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #310 background imageLoading...
Page #310 background image
Inaccessible Authentication Bypass Authentication Results
The behavior of the inaccessible authentication bypass feature depends on the authorization state of the port:
If the port is unauthorized when a host connected to a critical port tries to authenticate and all servers
are unavailable, the switch puts the port in the critical-authentication state in the RADIUS-configured
or user-specified access VLAN.
If the port is already authorized and reauthentication occurs, the switch puts the critical port in the
critical-authentication state in the current VLAN, which might be the one previously assigned by the
RADIUS server.
If the RADIUS server becomes unavailable during an authentication exchange, the current exchange
times out, and the switch puts the critical port in the critical-authentication state during the next
authentication attempt.
You can configure the critical port to reinitialize hosts and move them out of the critical VLAN when the
RADIUS server is again available. When this is configured, all critical ports in the critical-authentication state
are automatically re-authenticated.
Inaccessible Authentication Bypass Feature Interactions
Inaccessible authentication bypass interacts with these features:
Guest VLANInaccessible authentication bypass is compatible with guest VLAN. When a guest VLAN
is enabled on 8021.x port, the features interact as follows:
If at least one RADIUS server is available, the switch assigns a client to a guest VLAN when the
switch does not receive a response to its EAP request/identity frame or when EAPOL packets are
not sent by the client.
If all the RADIUS servers are not available and the client is connected to a critical port, the switch
authenticates the client and puts the critical port in the critical-authentication state in the
RADIUS-configured or user-specified access VLAN.
If all the RADIUS servers are not available and the client is not connected to a critical port, the
switch might not assign clients to the guest VLAN if one is configured.
If all the RADIUS servers are not available and if a client is connected to a critical port and was
previously assigned to a guest VLAN, the switch keeps the port in the guest VLAN.
Restricted VLANIf the port is already authorized in a restricted VLAN and the RADIUS servers are
unavailable, the switch puts the critical port in the critical-authentication state in the restricted VLAN.
802.1x accountingAccounting is not affected if the RADIUS servers are unavailable.
Private VLANYou can configure inaccessible authentication bypass on a private VLAN host port.
The access VLAN must be a secondary private VLAN.
Voice VLANInaccessible authentication bypass is compatible with voice VLAN, but the
RADIUS-configured or user-specified access VLAN and the voice VLAN must be different.
Remote Switched Port Analyzer (RSPAN)Do not configure an RSPAN VLAN as the
RADIUS-configured or user-specified access VLAN for inaccessible authentication bypass.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
286 OL-29048-01
Configuring IEEE 802.1x Port-Based Authentication
802.1x Authentication with Inaccessible Authentication Bypass

Table of Contents

Other manuals for Cisco Catalyst 2960-X

Preview: Command Reference
Command Reference134 pages
Preview: Hardware Installation Guide
Hardware Installation Guide102 pages
Preview: Configuration Guide
Configuration Guide118 pages
Preview: Getting Started Guide
Getting Started Guide26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2960-X and is the answer not in the manual?

Cisco Catalyst 2960-X Specifications

General IconGeneral
Console portRJ-45
USB 2.0 ports quantity2
SFP module slots quantity4
Installed SFP modules quantity-
Gigabit Ethernet (copper) ports quantity48
Basic switching RJ-45 Ethernet ports typeGigabit Ethernet (10/100/1000)
Power sourceAC
Input current5 A
AC input voltage100 - 240 V
Power consumption (typical)60.9 W
Number of power supply units1
Redundant power supply (RPS) supportYes
Operating altitude0 - 3000 m
Non-operating altitude0 - 4000 m
Storage temperature (T-T)-25 - 70 °C
Operating temperature (T-T)-5 - 40 °C
Operating relative humidity (H-H)10 - 95 %
Switching protocolsUDP, TCP, RADIUS/TACACS+
Number of VLANs1023
Networking standardsIEEE 802.1ab, IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q, IEEE 802.1s, IEEE 802.1w, IEEE 802.1x, IEEE 802.3, IEEE 802.3ab, IEEE 802.3ad, IEEE 802.3ae, IEEE 802.3af, IEEE 802.3ah, IEEE 802.3at, IEEE 802.3az, IEEE 802.3u, IEEE 802.3x, IEEE 802.3z
Throughput107.1 Mpps
Jumbo frames9216
Number of queues8
MAC address table16000 entries
Number of static routes1000
DHCP featuresDHCP server
AuthenticationMAC-based authentication, Port-based authentication
Security algorithms802.1x RADIUS, SNMP, SSH
Access Control List (ACL) rules3
Switch typeManaged
Switch layerL2/L3
SafetyUL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1
Form factor1U
Product colorBlack
Total Power over Ethernet (PoE) budget370 W
Power over Ethernet (PoE) ports quantity24
Power over Ethernet plus (PoE+) ports quantity12
Memory typeDRAM
Noise level39 dB
Flash memory128 MB
Internal memory512 MB
Processor frequency600 MHz
Mean time between failures (MTBF)276870 h
Weight and Dimensions IconWeight and Dimensions
Depth368 mm
Width445 mm
Height45 mm
Weight5800 g

Related product manuals