X Authentication And Switch Stacks - Cisco Catalyst 2960 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Chapter 10
Configuring IEEE 802.1x Port-Based Authentication
In contrast, when an 802.1x-enabled client connects to a port that is not running the 802.1x standard, the
client initiates the authentication process by sending the EAPOL-start frame. When no response is
received, the client sends the request for a fixed number of times. Because no response is received, the
client begins sending frames as if the port is in the authorized state.
You control the port authorization state by using the authentication port-control interface
configuration command and these keywords:
•
•
•
If the client is successfully authenticated (receives an Accept frame from the authentication server), the
port state changes to authorized, and all frames from the authenticated client are allowed through the
port. If the authentication fails, the port remains in the unauthorized state, but authentication can be
retried. If the authentication server cannot be reached, the switch can resend the request. If no response
is received from the server after the specified number of attempts, authentication fails, and network
access is not granted.
When a client logs off, it sends an EAPOL-logoff message, causing the switch port to change to the
unauthorized state.
If the link state of a port changes from up to down, or if an EAPOL-logoff frame is received, the port
returns to the unauthorized state.
802.1x Authentication and Switch Stacks
Switch stacks are supported only on Catalyst 2960-S switches running the LAN base image.
Note
If a switch is added to or removed from a switch stack, 802.1x authentication is not affected as long as
the IP connectivity between the RADIUS server and the stack remains intact. This statement also applies
if the stack master is removed from the switch stack. Note that if the stack master fails, a stack member
becomes the new stack master by using the election process described in
Stacks,"
If IP connectivity to the RADIUS server is interrupted because the switch that was connected to the
server is removed or fails, these events occur:
•
•
OL-26520-01
force-authorized—disables 802.1x authentication and causes the port to change to the authorized
state without any authentication exchange required. The port sends and receives normal traffic
without 802.1x-based authentication of the client. This is the default setting.
force-unauthorized—causes the port to remain in the unauthorized state, ignoring all attempts by
the client to authenticate. The switch cannot provide authentication services to the client through the
port.
auto—enables 802.1x authentication and causes the port to begin in the unauthorized state, allowing
only EAPOL frames to be sent and received through the port. The authentication process begins
when the link state of the port changes from down to up or when an EAPOL-start frame is received.
The switch requests the identity of the client and begins relaying authentication messages between
the client and the authentication server. Each client attempting to access the network is uniquely
identified by the switch by using the client MAC address.
and the 802.1x authentication process continues as usual.
Ports that are already authenticated and that do not have periodic re-authentication enabled remain
in the authenticated state. Communication with the RADIUS server is not required.
Ports that are already authenticated and that have periodic re-authentication enabled (with the dot1x
re-authentication global configuration command) fail the authentication process when the
re-authentication occurs. Ports return to the unauthenticated state during the re-authentication
process. Communication with the RADIUS server is required.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Understanding IEEE 802.1x Port-Based Authentication
Chapter 7, "Managing Switch
10-11
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
