
IBM 12.1(22)EA6 Using IEEE 802.1x with Port Security

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 6 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Figure 6-3 Multiple Host Mode Example
Using IEEE 802.1x with Port Security
You can configure an IEEE 802.1x port with port security in either single-host or multiple-hosts mode.
(You must also configure port security on the port by using the switchport port-security interface
configuration command.) When you enable port security and IEEE 802.1x on a port, IEEE 802.1x
authenticates the port, and port security manages network access for all MAC addresses, including that
of the client. You can then limit the number or group of clients that can access the network through an
IEEE 802.1x port.
These are some examples of the interaction between IEEE 802.1x and port security on the switch:
• When a client is authenticated, and the port security table is not full, the client’s MAC address is
  added to the port security list of secure hosts. The port then proceeds to come up normally.
• When a client is authenticated and manually configured for port security, it is guaranteed an entry
  in the secure host table (unless port security static aging has been enabled).
• A security violation occurs if the client is authenticated, but the port security table is full. This can
  happen if the maximum number of secure hosts has been statically configured, or if the client ages
  out of the secure host table. If the client’s address is aged out, its place in the secure host table can
  be taken by another host.
  The port security violation modes determine the action for security violations. For more
  information, see the “Security Violations” section on page 15-5.
• When an IEEE 802.1x client logs off, the port transitions back to an unauthenticated state, and all
  dynamic entries in the secure host table are cleared, including the entry for the client. Normal
  authentication then takes place.
• If the port is administratively shut down, the port becomes unauthenticated, and all dynamic entries
  are removed from the secure host table.
• Port security and a voice VLAN can be configured simultaneously on an IEEE 802.1x port that is
  in either single-host or multiple-hosts mode. Port security applies to both the voice VLAN identifier
  (VVID) and the port VLAN identifier (PVID).
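As an added example (not from the Cisco guide), the following Python script audits a saved configuration for IEEE 802.1x ports on which port security has not been enabled with the switchport port-security command, so the number of MAC addresses behind the port is not being limited. The sample configuration is constructed, and the dot1x command names are standard Cisco IOS syntax assumed here rather than taken from this page.

```python
# Constructed sample running-config (not from the manual). Command names other
# than "switchport port-security" are standard Cisco IOS syntax assumed here.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/17
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
!
interface GigabitEthernet0/18
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 dot1x port-control auto
 dot1x host-mode multi-host
!
interface GigabitEthernet0/19
 switchport mode access
 switchport port-security maximum 2
 dot1x port-control auto
!
interface GigabitEthernet0/20
 switchport mode access
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from IOS config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_dot1x_port_security(config):
    """List 802.1x ports on which port security is not enabled."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "dot1x port-control auto" not in cmds:
            continue  # port is not doing 802.1x authentication
        # Single-host is the default when no host-mode line is present.
        mode = "multi-host" if "dot1x host-mode multi-host" in cmds else "single-host"
        # A bare "maximum N" line does not enable port security by itself.
        if "switchport port-security" not in cmds:
            findings.append((name, mode, "port security not enabled"))
    return findings
```

Calling audit_dot1x_port_security(SAMPLE_CONFIG) reports the two 802.1x ports that lack the enabling command, including the one that sets a maximum without turning the feature on.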
[Figure 6-3 labels: Wireless clients, Access point, Authentication server (RADIUS)]