Understanding IEEE 802.1x Port-Based Authentication
Table 10-1
802.1x Features
Authentication method
802.1x
MAC authentication bypass
Standalone web authentication
NAC Layer 2 IP validation
Web authentication as fallback
5
method
1. MDA = Multidomain authentication.
2. Also referred to as multiauth.
3. Supported in Cisco IOS Release 12.2(50)SE and later.
4. Supported in Cisco IOS Release 12.2(50)SE and later.
5. For clients that do not support 802.1x authentication.
Per-User ACLs and Filter-Ids
In releases earlier than Cisco IOS Release 12.2(50)SE, per-user ACLs and filter Ids were only supported
in single-host mode. In Cisco IOS Release 12.2(50), support was added for MDA- and multiauth-enabled
ports. In 12.2(52)SE and later, support was added for ports in multihost mode.
In releases earlier than Cisco IOS Release 12.2(50)SE, an ACL configured on the switch is not
compatible with an ACL configured on another device running Cisco IOS software, such as a
Catalyst 6000 switch.
In Cisco IOS Release 12.2(50)SE or later, the ACLs configured on the switch are compatible with other
devices running the Cisco IOS release.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
10-8
Mode
Single Host
VLAN assignment
Per-user ACL
Filter-ID attribute
Downloadable
3
ACL
3
Redirect URL
VLAN assignment
Per-user ACL
Filter-ID attribute
Downloadable
3
ACL
3
Redirect URL
4
Proxy ACL, Filter-Id attribute, downloadable ACL
Filter-Id attribute
Downloadable ACL
Redirect URL
Proxy ACL
Filter-Id attribute
Downloadable
3
ACL
Chapter 10
Multiple Host
MDA
VLAN assignment
VLAN assignment
Per-user ACL
Per-user ACL
Filter-ID attribute
Filter-Id attribute
Downloadable
Downloadable
4
ACL
ACL
3
Redirect URL
Redirect URL
VLAN assignment
VLAN assignment
Per-user ACL
Per-user ACL
Filter-ID attribute
Filter-Id attribute
Downloadable
Downloadable
3
ACL
ACL
3
Redirect URL
Redirect URL
3
3
Filter-Id attribute
Filter-Id attribute
Downloadable ACL
Downloadable ACL
Redirect URL
Redirect URL
Proxy ACL
Proxy ACL
3
3
Filter-Id attribute
Filter-Id attribute
Downloadable
Downloadable
3
ACL
ACL
Configuring IEEE 802.1x Port-Based Authentication
Multiple
1
Authentication
Per-user ACL
3
Filter-Id attribute
3
Downloadable
3
ACL
3
Redirect URL
3
Per-user ACL
3
Filter-Id attribute
3
Downloadable
3
ACL
3
Redirect URL
3
2
3
Filter-Id attribute
Downloadable
3
ACL
Redirect URL
Proxy ACL
3
Filter-Id attribute
Downloadable
3
3
ACL
2
3
3
3
3
3
3
3
3
3
3
OL-26520-01