Voice Aware 802.1X Security; Common Session Id - Cisco Catalyst 3750-X Software Configuration Manual


Catalyst 3750-X and 3560-X Switch Software Configuration Guide (OL-21521-01), page 11-30
Chapter 11: Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication

The VSA changes the authenticator switch port mode from access to trunk and enables 802.1x trunk
encapsulation; the access VLAN, if any, is converted to a native trunk VLAN. The VSA does
not change any of the port configurations on the supplicant.
To change the host mode and apply a standard port configuration on the authenticator switch
port, you can also use Auto Smartports user-defined macros instead of the switch VSA. This allows
you to remove unsupported configurations on the authenticator switch port and to change the port
mode from access to trunk. For more information, see Chapter 14, "Configuring Auto Smartports
Macros."
For more information, see the "Configuring an Authenticator and a Supplicant Switch with NEAT"
section on page 11-59.

Voice Aware 802.1x Security

You use the voice aware 802.1x security feature to configure the switch to disable only the VLAN on
which a security violation occurs, whether it is a data or voice VLAN. In previous releases, when an
attempt to authenticate the data client caused a security violation, the entire port shut down, resulting in
a complete loss of connectivity.
You can use this feature in IP phone deployments where a PC is connected to the IP phone. A security
violation found on the data VLAN results in the shutdown of only the data VLAN. The traffic on the
voice VLAN flows through the switch without interruption.
For information on configuring voice aware 802.1x security, see the "Configuring Voice Aware 802.1x
Security" section on page 11-39.

Common Session ID

Authentication manager uses a single session ID (referred to as a common session ID) for a client no
matter which authentication method is used. This ID is used for all reporting purposes, such as the show
commands and MIBs. The session ID appears with all per-session syslog messages.
The session ID includes:
- The IP address of the Network Access Device (NAD)
- A monotonically increasing unique 32-bit integer
- The session start time stamp (a 32-bit integer)
This example shows how the session ID appears in the output of the show authentication command. The
session ID in this example is 160000050000000B288508E5:
Switch# show authentication sessions
Interface  MAC Address     Method  Domain  Status         Session ID
Fa4/0/4    0000.0000.0203  mab     DATA    Authz Success  160000050000000B288508E5
This is an example of how the session ID appears in the syslog output. The session ID in this example
is also 160000050000000B288508E5:
1w0d: %AUTHMGR-5-START: Starting 'mab' for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
1w0d: %MAB-5-SUCCESS: Authentication successful for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
1w0d: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
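
The Common Session ID description and syslog messages above, as an added example that is not part of the Cisco manual: Python code that groups per-session syslog messages by AuditSessionID and splits the ID into its three fields. It assumes the fields are packed as 8 hex digits each in the order the manual lists them (the 24-digit example ID is consistent with this); the function names are hypothetical, and the sample input is the manual's three messages, one per line.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the three syslog messages from the manual's example.
SAMPLE_SYSLOG = """\
1w0d: %AUTHMGR-5-START: Starting 'mab' for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
1w0d: %MAB-5-SUCCESS: Authentication successful for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
1w0d: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
"""

# Matches %FACILITY-SEVERITY-MNEMONIC, the client MAC, the interface and the session ID.
EVENT_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):.*?"
    r"\((?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\)"
    r"\s+on\s+Interface\s+(?P<interface>\S+)\s+AuditSessionID\s+(?P<sid>[0-9A-Fa-f]{24})\b"
)

def decode_session_id(sid):
    """Split a 24-hex-digit session ID into its three 32-bit fields.
    Assumption: the fields appear in the order the manual lists them."""
    if not re.fullmatch(r"[0-9A-Fa-f]{24}", sid):
        raise ValueError(f"not a 96-bit hex session ID: {sid!r}")
    return {
        "nad_ip": str(ipaddress.IPv4Address(int(sid[0:8], 16))),
        "counter": int(sid[8:16], 16),
        "start_timestamp": int(sid[16:24], 16),  # raw value; unit is not stated on the page
    }

def correlate(log_text):
    """Group per-session syslog events by AuditSessionID."""
    sessions = defaultdict(lambda: {"events": [], "macs": set(), "interfaces": set()})
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # not a per-session message, or the line is wrapped/truncated
        s = sessions[m["sid"].upper()]
        s["events"].append(f"{m['facility']}-{m['severity']}-{m['mnemonic']}")
        s["macs"].add(m["mac"].lower())
        s["interfaces"].add(m["interface"])
    return {sid: {**decode_session_id(sid), "events": s["events"],
                  "macs": sorted(s["macs"]), "interfaces": sorted(s["interfaces"])}
            for sid, s in sessions.items()}

if __name__ == "__main__":
    for sid, info in correlate(SAMPLE_SYSLOG).items():
        print(sid, info)
```

Because every authentication method reports under the same ID, one key ties the AUTHMGR and MAB messages for a client together without matching on MAC address and interface.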
