EasyManuals Logo
Home>Cisco>Switch>IE-3000-8TC

Cisco IE-3000-8TC User Manual

Cisco IE-3000-8TC
874 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #254 background imageLoading...
Page #254 background image
12-24
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 12 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Open1x Authentication
Open1x authentication allows a device access to a port before that device is authenticated. When open
authentication is configured, a new host on the port can only send traffic to the switch. After the host is
authenticated, the policies configured on the RADIUS server are applied to that host.
You can configure open authentication with these scenarios:
Single-host mode with open authentication–Only one user is allowed network access before and
after authentication.
MDA mode with open authentication–Only one user in the voice domain and one user in the data
domain are allowed.
Multiple-hosts mode with open authentication–Any host can access the network.
Multiple-authentication mode with open authentication–Similar to MDA, except multiple hosts can
be authenticated.
For more information see the “Configuring the Host Mode” section on page 12-35.
802.1x Switch Supplicant with Network Edge Access Topology (NEAT)
NEAT extends identity to areas outside the wiring closet (such as conference rooms) through the
following:
802.1x switch supplicant: You can configure a switch to act as a supplicant to another switch by
using the 802.1x supplicant feature. This configuration is helpful in a scenario where, for example,
a switch is outside a wiring closet and is connected to an upstream switch through a trunk port. A
switch configured with the 802.1x switch supplicant feature authenticates with the upstream switch
for secure connectivity.
Note You cannot enable MDA or multiauth mode on the authenticator switch interface that connects
to one more supplicant switches.
Host Authorization: NEAT ensures that only traffic from authorized hosts (connecting to the switch
with supplicant) is allowed on the network. The switches use Client Information Signalling Protocol
(CISP) to send the MAC addresses connecting to the supplicant switch to the authenticator switch,
as shown in
Figure 12-6.
Auto enablement: Automatically enables trunk configuration on the authenticator switch, allowing
user traffic from multiple VLANs coming from supplicant switches. This can be achieved by
configuring the cisco-av-pair as device-traffic-class=switch at the ACS. (You can configure this
under the group or user settings.)

Table of Contents

Other manuals for Cisco IE-3000-8TC

Preview: Hardware Installation Guide
Hardware Installation Guide170 pages
Preview: Administration Guide
Administration Guide496 pages
Preview: Message Guide
Message Guide98 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IE-3000-8TC and is the answer not in the manual?

Cisco IE-3000-8TC Specifications

General IconGeneral
BrandCisco
ModelIE-3000-8TC
CategorySwitch
LanguageEnglish

Related product manuals