Cisco Catalyst 2928 Software Configuration Manual page 186

Ios release 12.2(55)ez
Table of Contents

Advertisement

Understanding IEEE 802.1x Port-Based Authentication
Figure 9-2
Assign the port to
a restricted VLAN.
The switch re-authenticates a client when one of these situations occurs:
Periodic re-authentication is enabled, and the re-authentication timer expires.
You can configure the re-authentication timer to use a switch-specific value or to be based on values
from the RADIUS server.
After IEEE 802.1x authentication using a RADIUS server is configured, the switch uses timers
based on the Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action
RADIUS attribute (Attribute [29]).
The Session-Timeout RADIUS attribute (Attribute[27]) specifies the time after which
re-authentication occurs.
Catalyst 2928 Switch Software Configuration Guide
9-4
Authentication Flowchart
Start
Is the client IEEE
802.1x capable?
Yes
Start IEEE 802.1x port-based
authentication.
Client
Client
identity is
identity is
invalid
valid
Assign the port to
a VLAN.
Done
Done
All authentication
servers are down.
Use inaccessible
authentication bypass
(critical authentication)
to assign the critical
port to a VLAN.
Done
Chapter 9
Configuring IEEE 802.1x Port-Based Authentication
No
IEEE 802.1x authentication
process times out.
The switch gets an
EAPOL message,
and the EAPOL
message
exchange begins.
Use MAC authentication
Assign the port to
All authentication
servers are down.
1 = This occurs if the switch does not detect EAPOL packets from the client.
Is MAC authentication
bypass enabled?
Yes
1
bypass.
Client MAC
Client MAC
address
address
identity
identity
is valid.
is invalid.
Assign the port to
a VLAN.
a guest VLAN.
Done
Done
1
No
1
OL-23389-01

Advertisement

Table of Contents
loading

Table of Contents