Chapter 44
Configuring 802.1X Port-Based Authentication
Figure 44-16
Note
The procedure is the same for voice devices except that the AAA server must be configured to send a
Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice.
Enabling Fallback Authentication
On a port in multiauthentication mode, either or both of MAB and web-based authentication can be
configured as fallback authentication methods for non-802.1X hosts (those that do not respond to
EAPOL). You can configure the order and priority of the authentication methods.
For detailed configuration information for MAB, see the
Authentication Bypass" section on page
For detailed configuration information for web-based authentication, see
Web-Based Authentication."
Note
When web-based authentication and other authentication methods are configured on an MDA or
multiauthentication port, downloadable ACL policies must be configured for all devices attached to that
port.
To enable fallback authentication, perform this task:
Command
Step 1
Switch(config)# ip admission name rule-name proxy
http
Step 2
Switch(config)# fallback profile profile-name
OL-25340-01
User Set Up
44-58.
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Configuring 802.1X Port-Based Authentication
"Configuring 802.1X with MAC
Purpose
Configures an authentication rule for web-based
authentication.
Creates a fallback profile for web-based authentication.
Chapter 46, "Configuring
44-73