11-2
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter11 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication
Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP)
traffic through the port to which the client is connected. After authentication is successful, normal traffic
can pass through the port.
These sections describe IEEE 802.1x port-based authentication:
Device Roles, page11-3
Authentication Process, page 11-4
Authentication Initiation and Message Exchange, page11-6
Authentication Manager, page11-8
Ports in Authorized and Unauthorized States, page 11-10
802.1x Authentication and Switch Stacks, page 11-11
802.1x Host Mode, page 11-12
MAC Move, page11-13
802.1x Accounting, page11-13
802.1x Accounting Attribute-Value Pairs, page11-13
802.1x Multiple Authentication Mode, page11-12
802.1x Readiness Check, page11-14
802.1x Authentication with Per-User ACLs, page11-16
802.1x Authentication with Guest VLAN, page11-19
802.1x Authentication with Restricted VLAN, page 11-20
802.1x Authentication with Inaccessible Authentication Bypass, page 11-20
802.1x Authentication with Downloadable ACLs and Redirect URLs, page11-17
VLAN ID-based MAC Authentication, page11-18
IEEE 802.1x Authentication with Voice VLAN Ports, page11-23
IEEE 802.1x Authentication with Port Security, page11-24
IEEE 802.1x Authentication with Wake-on-LAN, page11-24
IEEE 802.1x Authentication with MAC Authentication Bypass, page11-25
802.1x User Distribution, page11-22
Network Admission Control Layer 2 IEEE 802.1x Validation, page11-26
Multidomain Authentication, page11-27
Flexible Authentication Ordering, page11-27
Open1x Authentication, page11-27
802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT),
page 11-29
Voice Aware 802.1x Security, page 11-30
Common Session ID, page 11-30
Understanding Media Access Control Security and MACsec Key Agreement, page11-31