EasyManuals Logo
Home>Cisco>Switch>Catalyst 3750-X

Cisco Catalyst 3750-X User Manual

Cisco Catalyst 3750-X
1438 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #294 background imageLoading...
Page #294 background image
11-4
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 11 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
The devices that can act as intermediaries include the Catalyst 3750-X, Catalyst 3750-E, Catalyst
3750, Catalyst 3650-X, Catalyst 3560-E, Catalyst 3560, Catalyst 3
550, Catalyst 2970, Catalyst
2960, Catalyst 2955, Catalyst 2950, Catalyst 2940 switches, or a wireless a
ccess point. These
devices must be running software that supports the RADIUS client and IEEE 802.1x authentication.
Authentication Process
When 802.1x port-based authentication is enabled and the client supports 802.1x-compliant client
software, these events occur:
If the client identity is valid and the 802.1x authentication succeeds, the switch grants the client
access to the network.
If 802.1x authentication times out while waiting for an EAPOL message exchange and MAC
authentication bypass is enabled, the switch can use the client MAC address for authorization. If the
client MAC address is valid and the authorization succeeds, the switch grants the client access to the
network. If the client MAC address is invalid and the authorization fails, the switch assigns the client
to a guest VLAN that provides limited services if a guest VLAN is configured.
If the switch gets an invalid identity from an 802.1x-capable client and a restricted VLAN is
specified, the switch can assign the client to a restricted VLAN that provides limited services.
If the RADIUS authentication server is unavailable (down) and inaccessible authentication bypass
is enabled, the switch grants the client access to the network by putting the port in the
critical-authentication state in the RADIUS-configured or the user-specified access VLAN.
Note Inaccessible authentication bypass is also referred to as critical authentication or the AAA fail
policy.
Figure 11-2 shows the authentication process.
If Multi Domain Authentication (MDA) is enabled on a por
t, this flow can be used with some exceptions
that are applicable to voice authorization. For more information on MDA, see “Multidomain
Authentication” section on page 11-27.

Table of Contents

Other manuals for Cisco Catalyst 3750-X

Preview: Command Reference
Command Reference1244 pages
Preview: Message Guide
Message Guide150 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3750-X and is the answer not in the manual?

Cisco Catalyst 3750-X Specifications

General IconGeneral
BrandCisco
ModelCatalyst 3750-X
CategorySwitch
LanguageEnglish

Related product manuals