Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Understanding IEEE 802.1x Port-Based Authentication

•IEEE 802.1x Host Mode, page 10-8

•IEEE 802.1x Accounting, page 10-9

•IEEE 802.1x Accounting Attribute-Value Pairs, page 10-9

•Using IEEE 802.1x Authentication with VLAN Assignment, page 10-10

•Using IEEE 802.1x Authentication with Per-User ACLs, page 10-11

•Using IEEE 802.1x Authentication with Guest VLAN, page 10-12

•Using IEEE 802.1x Authentication with Restricted VLAN, page 10-13

•Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass, page 10-14

•Using IEEE 802.1x Authentication with Voice VLAN Ports, page 10-15

•Using IEEE 802.1x Authentication with Port Security, page 10-16

•Using IEEE 802.1x Authentication with Wake-on-LAN, page 10-17

•Using IEEE 802.1x Authentication with MAC Authentication Bypass, page 10-17

•Network Admission Control Layer 2 IEEE 802.1x Validation, page 10-19

•Using Multidomain Authentication, page 10-19

•Using Web Authentication, page 10-20

Device Roles

With IEEE 802.1x port-based authentication, the devices in the network have specific roles as shown in Figure 10-1.

Figure 10-1 IEEE 802.1x Device Roles

Authentication

server

(RADIUS)

Workstations

(clients)

101229

•Client—the device (workstation) that requests access to the LAN and switch services and responds to requests from the switch. The workstation must be running IEEE 802.1x-compliant client software such as that offered in the Microsoft Windows XP operating system. (The client is the supplicant in the IEEE 802.1x standard.)

Note To resolve Windows XP network connectivity and IEEE 802.1x authentication issues, read the Microsoft Knowledge Base article at this URL: http://support.microsoft.com/support/kb/articles/Q303/5/97.ASP

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

10-2

OL-9775-02

 

 

Page 254
Image 254
Cisco Systems 3750E manual Device Roles, 10-2