Supported Topologies - Cisco 7604 Configuration Manual
Ios software configuration guide
Hide thumbs
Also See for 7604:
- Configuration manual (742 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 46
Configuring IEEE 802.1X Port-Based Authentication
If the client is successfully authenticated (receives an Accept frame from the authentication server), the
port state changes to authorized, and all frames from the authenticated client are allowed through the
port. If the authentication fails, the port remains in the unauthorized state, but authentication can be
retried. If the authentication server cannot be reached, the router can retransmit the request. If no
response is received from the server after the specified number of attempts, authentication fails, and
network access is not granted.
When a client logs off, it sends an EAPOL-logoff message, causing the router port to transition to the
unauthorized state.
If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port
returns to the unauthorized state.
Supported Topologies
The 802.1X port-based authentication is supported in two topologies:
•
•
In a point-to-point configuration (see
802.1X-enabled router port. The router detects the client when the port link state changes to the up state.
If a client leaves or is replaced with another client, the router changes the port link state to down, and
the port returns to the unauthorized state.
Figure 46-3
as a multiple-host port that becomes authorized as soon as one client is authenticated. When the port is
authorized, all other hosts indirectly attached to the port are granted access to the network. If the port
becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), the router
denies access to the network to all of the attached clients. In this topology, the wireless access point is
responsible for authenticating the clients attached to it, and the wireless access point acts as a client to
the router.
Figure 46-3 Wireless LAN Example
Wireless clients
OL-4266-08
frame is received. The router requests the identity of the client and begins relaying authentication
messages between the client and the authentication server. Each client attempting to access the
network is uniquely identified by the router by using the client's MAC address.
Point-to-point
Wireless LAN
shows 802.1X port-based authentication in a wireless LAN. The 802.1X port is configured
Access point
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
Understanding 802.1X Port-Based Authentication
Figure 46-1 on page
46-2), only one client can be connected to the
Catalyst switch
or
Cisco Router
Authentication
server
(RADIUS)
46-5
- Quick Links:
- Supported Hardware and Software
Hide quick links:
Advertisement
Chapters
Table of Contents
