Table of Contents
Advertisement
Understanding IEEE 802.1x Port-Based Authentication
Table 9-3
Attribute Number
Attribute[40]
Attribute[41]
Attribute[42]
Attribute[43]
Attribute[44]
Attribute[45]
Attribute[46]
Attribute[49]
Attribute[61]
1. The Framed-IP-Address AV pair is sent only if a valid Dynamic Host Control Protocol (DHCP) binding
You can view the AV pairs that are being sent by the switch by entering the debug radius accounting
privileged EXEC command. For more information about this command, see the Cisco IOS Debug
Command Reference, Release 12.2.
For more information about AV pairs, see RFC 3580, "802.1x Remote Authentication Dial In User Service
(RADIUS) Usage Guidelines."
802.1x Readiness Check
The 802.1x readiness check monitors 802.1x activity on all the switch ports and displays information
about the devices connected to the ports that support 802.1x. You can use this feature to determine if the
devices connected to the switch ports are 802.1x-capable. You use an alternate authentication such as
MAC authentication bypass or web authentication for the devices that do not support 802.1x
functionality.
This feature only works if the supplicant on the client supports a query with the NOTIFY EAP
notification packet. The client must respond within the 802.1x timeout value.
For information on configuring the switch for the 802.1x readiness check, see the
Authentication" section on page
802.1x Authentication with VLAN Assignment
The switch supports 802.1x authentication with VLAN assignment. After successful 802.1x
authentication of a port, the RADIUS server sends the VLAN assignment to configure the switch port.
The RADIUS server database maintains the username-to-VLAN mappings, assigning the VLAN based
on the username of the client connected to the switch port. You can use this feature to limit network
access for certain users.
Voice device authentication is supported. When a voice device is authorized and the RADIUS server
returned an authorized VLAN, the voice VLAN on the port is configured to send and receive packets on
the assigned voice VLAN. Voice VLAN assignment behaves the same as data VLAN assignment on
multidomain authentication (MDA)-enabled ports. For more information, see the
Authentication" section on page
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
9-16
Accounting AV Pairs (continued)
AV Pair Name
Acct-Status-Type
Acct-Delay-Time
Acct-Input-Octets
Acct-Output-Octets
Acct-Session-ID
Acct-Authentic
Acct-Session-Time
Acct-Terminate-Cause
NAS-Port-Type
exists for the host in the DHCP snooping bindings table.
Chapter 9
START
Always
Always
Never
Never
Always
Always
Never
Never
Always
9-38.
9-30.
Configuring IEEE 802.1x Port-Based Authentication
INTERIM
STOP
Always
Always
Always
Always
Never
Always
Never
Always
Always
Always
Always
Always
Never
Always
Never
Always
Always
Always
"Configuring 802.1x
"Multidomain
OL-13270-06
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
