Chapter 1
Configuring IEEE 802.1x Port-Based Authentication
AV pairs are automatically sent by a switch that is configured for 802.1x accounting. Three types of
RADIUS accounting packets are sent by a switch:
•
•
•
Table 1-3
Table 1-3
Attribute Number
Attribute[1]
Attribute[4]
Attribute[5]
Attribute[8]
Attribute[25]
Attribute[30]
Attribute[31]
Attribute[40]
Attribute[41]
Attribute[42]
Attribute[43]
Attribute[44]
Attribute[45]
Attribute[46]
Attribute[49]
Attribute[61]
1. The Framed-IP-Address AV pair is sent only if a valid Dynamic Host Control Protocol (DHCP) binding
You can view the AV pairs that are being sent by the switch by entering the debug radius accounting
privileged EXEC command. For more information about this command, see the Cisco IOS Debug
Command Reference, Release 12.4.
For more information about AV pairs, see RFC 3580, "IEEE 802.1x Remote Authentication Dial In User
Service (RADIUS) Usage Guidelines."
802.1x Readiness Check
The 802.1x readiness check monitors 802.1x activity on all the switch ports and displays information
about the devices connected to the ports that support 802.1x. You can use this feature to determine if the
devices connected to the switch ports are 802.1x-capable. You use an alternate authentication such as
MAC authentication bypass or web authentication for the devices that do not support 802.1x
functionality.
OL-25303-03
START–sent when a new user session starts
INTERIM–sent during an existing session for updates
STOP–sent when a session terminates
lists the AV pairs and when they are sent are sent by the switch:
Accounting AV Pairs
AV Pair Name
User-Name
NAS-IP-Address
NAS-Port
Framed-IP-Address
Class
Called-Station-ID
Calling-Station-ID
Acct-Status-Type
Acct-Delay-Time
Acct-Input-Octets
Acct-Output-Octets
Acct-Session-ID
Acct-Authentic
Acct-Session-Time
Acct-Terminate-Cause
NAS-Port-Type
exists for the host in the DHCP snooping bindings table.
Understanding IEEE 802.1x Port-Based Authentication
START
INTERIM
Always
Always
Always
Always
Always
Always
Never
Sometimes
Always
Always
Always
Always
Always
Always
Always
Always
Always
Always
Never
Always
Never
Always
Always
Always
Always
Always
Never
Always
Never
Never
Always
Always
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
STOP
Always
Always
Always
1
1
Sometimes
Always
Always
Always
Always
Always
Always
Always
Always
Always
Always
Always
Always
1-15