Authentication Manager - Cisco Catalyst 2960 Software Configuration Manual

Hide thumbs Also See for Catalyst 2960:

Table of Contents

Configuring IEEE 802.1x Port-Based Authentication

Authentication Manager

In Cisco IOS Release 12.2(46)SE and earlier, you could not use the same authorization methods, including

CLI commands and messages, on this switch and also on other network devices, such as a Catalyst 6000.

You had to use separate authentication configurations. Cisco IOS Release 12.2(50)SE and later supports

the same authorization methods on all Catalyst switches in a network.

Cisco IOS Release 12.2(55)SE supports filtering verbose system messages from the authentication

manager. For details, see the

Port-Based Authentication Methods

Message Exchange During MAC Authentication Bypass

EAPOL Request/Identity

Ethernet packet

"Authentication Manager CLI Commands" section on page

Port-Based Authentication Methods, page 10-7

Per-User ACLs and Filter-Ids, page 10-8

Authentication Manager CLI Commands, page 10-9

lists the authentication methods supported in these host modes:

Single host–Only one data or voice host (client) can be authenticated on a port.

Multiple host–Multiple data hosts can be authenticated on the same port. (If a port becomes

unauthorized in multiple-host mode, the switch denies network access to all of the attached clients.)

Multidomain authentication (MDA) –Both a data device and voice device can be authenticated on

the same switch port. The port is divided into a data domain and a voice domain.

Multiple authentication–Multiple hosts can authenticate on the data VLAN. This mode also allows

one client on the VLAN if a voice VLAN is configured.

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

Understanding IEEE 802.1x Port-Based Authentication

RADIUS Access/Request

RADIUS Access/Accept

Authentication

Show Quick Links

Table of Contents

Catalyst 2960-s