10-8
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Authentication Manager
In Cisco IOS Release 12.2(46)SE and earlier, you could not use the same authorization methods, including
CLI commands and messages, on this switch and also on other network devices, such as a Catalyst 6000.
You had to use separate authentication configurations. Cisco IOS Release 12.2(50)SE and later supports
the same authorization methods on all Catalyst switches in a network.
Cisco IOS Release 12.2(55)SE supports filtering verbose system messages from the authentication
manager. For details, see the “Authentication Manager CLI Commands” section on page 10-10.
Port-Based Authentication Methods, page 10-8
Per-User ACLs and Filter-Ids, page 10-9
Authentication Manager CLI Commands, page 10-10

Port-Based Authentication Methods

Table 10-1 lists the authentication methods supported in these host modes:
Single host–Only one data or voice host (client) can be authenticated on a port.
Multiple host–Multiple data hosts can be authenticated on the same port. (If a port becomes
unauthorized in multiple-host mode, the switch denies network access to all of the attached clients.)
Multidomain authentication (MDA)–Both a data device and voice device can be authenticated on
the same switch port. The port is divided into a data domain and a voice domain.
Multiple authentication–Multiple hosts can authenticate on the data VLAN. This mode also allows
one client on the VLAN if a voice VLAN is configured.
Table 10-1 802.1x Features

| Authentication method | Mode: Single Host | Mode: Multiple Host | Mode: MDA¹ | Mode: Multiple Authentication² |
|---|---|---|---|---|
| 802.1x | VLAN assignment; Per-user ACL; Filter-ID attribute; Downloadable ACL³; Redirect URL³ | VLAN assignment; Per-user ACL; Filter-ID attribute; Downloadable ACL⁴; Redirect URL³ | VLAN assignment; Per-user ACL³; Filter-Id attribute³; Downloadable ACL³; Redirect URL³ | Per-user ACL³; Filter-Id attribute³; Downloadable ACL³; Redirect URL³ |
| MAC authentication bypass | VLAN assignment; Per-user ACL; Filter-ID attribute; Downloadable ACL³; Redirect URL³ | VLAN assignment; Per-user ACL; Filter-ID attribute; Downloadable ACL³; Redirect URL³ | VLAN assignment; Per-user ACL³; Filter-Id attribute³; Downloadable ACL³; Redirect URL³ | Per-user ACL³; Filter-Id attribute³; Downloadable ACL³; Redirect URL³ |

Standalone web authentication⁴: Proxy ACL, Filter-Id attribute, downloadable ACL²