Authentication Manager For Port-Based Authentication - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
If 802.1x authentication times out while waiting for an EAPOL message exchange and MAC authentication
bypass is enabled, the switch can authorize the client when the switch detects an Ethernet packet from the
client. The switch uses the MAC address of the client as its identity and includes this information in the
RADIUS-access/request frame that is sent to the RADIUS server. After the server sends the switch the
RADIUS-access/accept frame (authorization is successful), the port becomes authorized. If authorization fails
and a guest VLAN is specified, the switch assigns the port to the guest VLAN. If the switch detects an EAPOL
packet while waiting for an Ethernet packet, the switch stops the MAC authentication bypass process and
starts 802.1x authentication.
This figure shows the message exchange during MAC authentication bypass.
Figure 93: Message Exchange During MAC Authentication Bypass
Authentication Manager for Port-Based Authentication
Port-Based Authentication Methods
Table 123: 802.1x Features
Authentication method
802.1x
Mode
Single host
VLAN
assignment
Per-user ACL
Filter-ID
attribute
Downloadable
15
ACL
Redirect URL
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Information About 802.1x Port-Based Authentication
Multiple host
MDA
VLAN
VLAN
assignment
assignment
Per-user ACL
Filter-Id attribute
Downloadable
ACL
Redirect URL
Multiple
Authentication
VLAN
assignment
Per-user ACL
Filter-Id attribute
Downloadable
ACL
Redirect URL
1323
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
