Voice Aware 802.1X Security - Cisco Catalyst 2960-XR Security Configuration Manual
Ios release 15.0 2 ex1
Hide thumbs
Also See for Catalyst 2960-XR:
- Configuration manual (196 pages) ,
- Configuration manuals (120 pages) ,
- Reference (52 pages)
Table of Contents
Advertisement
Voice Aware 802.1x Security
• If the access VLAN is configured on the authenticator switch, it becomes the native VLAN for the trunk
You can enable MDA or multiauth mode on the authenticator switch interface that connects to one more
supplicant switches. Multihost mode is not supported on the authenticator switch interface.
Use the dot1x supplicant force-multicast global configuration command on the supplicant switch for Network
Edge Access Topology (NEAT) to work in all host modes.
• Host Authorization: Ensures that only traffic from authorized hosts (connecting to the switch with
• Auto enablement: Automatically enables trunk configuration on the authenticator switch, allowing user
1
3
5
Voice Aware 802.1x Security
You use the voice aware 802.1x security feature to configure the switch to disable only the VLAN on which
a security violation occurs, whether it is a data or voice VLAN. In previous releases, when an attempt to
authenticate the data client caused a security violation, the entire port shut down, resulting in a complete loss
of connectivity.
You can use this feature in IP phone deployments where a PC is connected to the IP phone. A security violation
found on the data VLAN results in the shutdown of only the data VLAN. The traffic on the voice VLAN
flows through the switch without interruption.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
242
with the 802.1x switch supplicant feature authenticates with the upstream switch for secure connectivity.
Once the supplicant switch authenticates successfully the port mode changes from access to trunk.
port after successful authentication.
supplicant) is allowed on the network. The switches use Client Information Signalling Protocol (CISP)
to send the MAC addresses connecting to the supplicant switch to the authenticator switch.
traffic from multiple VLANs coming from supplicant switches. Configure the cisco-av-pair as
device-traffic-class=switch at the ACS. (You can configure this under the group or the user settings.)
Figure 21: Authenticator and Supplicant Switch using CISP
Workstations (clients)
Authenticator switch
Trunk port
Configuring IEEE 802.1x Port-Based Authentication
2
Supplicant switch (outside wiring closet)
4
Access control server (ACS)
OL-29434-01
Hide quick links:
Advertisement
Table of Contents
