hit counter script

Cisco 500 series Administration Manual page 322

Stackable managed switch
Hide thumbs Also See for 500 series:
Table of Contents

Advertisement

Configuring Security
Configuring 802. 1 X
Cisco 500 Series Stackable Managed Switch Administration Guide
A RADIUS server must support DVA with RADIUS attributes tunnel-type
(64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-
group-id = a VLAN ID.
The authentication methods can be:
802. 1 x—The switch supports the authentication mechanism, as described
in the standard, to authenticate and authorize 802. 1 x supplicants.
MAC-based—The switch can be configured to use this mode to
authenticate and authorized devices that do not support 802. 1 x. The switch
emulates the supplicant role on behalf of the non 802. 1 x capable devices,
and uses the MAC address of the devices as the username and password
when communicating with the RADIUS servers. MAC addresses for
username and password must be entered in lower case and with no
delimiting characters (for example: aaccbb55ccff). To use MAC-based
authentication at a port:
-
A Guest VLAN must be defined
-
The port must be Guest VLAN enabled.
-
The packets from the first supplicant at the port before it is authorized
must be untagged packets.
You can configure a port to use 802. 1 x, MAC-based, or 802. 1 x and MAC-based
authentication. If a port is configured to use both 802. 1 x and MAC-based
authentication, 802. 1 x has precedence over non-802. 1 x device.
Unauthenticated VLANs and the Guest VLAN
Unauthenticated VLANs and Guest VLAN provide access to services that do not
require the subscribing devices or ports to be 802. 1 x or MAC-Based authenticated
and authorized.
An unauthenticated VLAN is a VLAN that allows access by both authorized and
unauthorized devices or ports. You can configure one or more VLANs to be
unauthenticated in
Creating VLANs
An unauthenticated VLAN has the following characteristics:
It must be a static VLAN, and cannot be the Guest VLAN or the Default
VLAN.
The member ports must be manually configured as tagged members.
The member ports must be trunk and/or general ports. An access port
cannot be member of an unauthenticated VLAN.
18
322

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents