X Host Mode - Cisco Catalyst 3750-E Software Configuration Manual
Hide thumbs
Also See for Catalyst 3750-E:
- Getting started manual (27 pages) ,
- Product support bulletin (6 pages) ,
- Configuration handbook (359 pages)
Table of Contents
Advertisement
Understanding IEEE 802.1x Port-Based Authentication
If IP connectivity to the RADIUS server is interrupted because the switch that was connected to the
server is removed or fails, these events occur:
•
•
If the switch that failed comes up and rejoins the switch stack, the authentications might or might not
fail depending on the boot-up time and whether the connectivity to the RADIUS server is re-established
by the time the authentication is attempted.
To avoid loss of connectivity to the RADIUS server, you should ensure that there is a redundant
connection to it. For example, you can have a redundant connection to the stack master and another to a
stack member, and if the stack master fails, the switch stack still has connectivity to the RADIUS server.
802.1x Host Mode
You can configure an 802.1x port for single-host or for multiple-hosts mode. In single-host mode (see
Figure 11-1 on page
switch detects the client by sending an EAPOL frame when the port link state changes to the up state. If
a client leaves or is replaced with another client, the switch changes the port link state to down, and the
port returns to the unauthorized state.
In multiple-hosts mode, you can attach multiple hosts to a single 802.1x-enabled port.
page 10-12
attached clients must be authorized for all clients to be granted network access. If the port becomes
unauthorized (re-authentication fails or an EAPOL-logoff message is received), the switch denies
network access to all of the attached clients. In this topology, the wireless access point is responsible for
authenticating the clients attached to it, and it also acts as a client to the switch.
With the multiple-hosts mode enabled, you can use 802.1x authentication to authenticate the port and
port security to manage network access for all MAC addresses, including that of the client.
Figure 10-5
Wireless clients
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
10-12
Ports that are already authenticated and that do not have periodic re-authentication enabled remain
in the authenticated state. Communication with the RADIUS server is not required.
Ports that are already authenticated and that have periodic re-authentication enabled (with the dot1x
re-authentication global configuration command) fail the authentication process when the
re-authentication occurs. Ports return to the unauthenticated state during the re-authentication
process. Communication with the RADIUS server is required.
For an ongoing authentication, the authentication fails immediately because there is no server
connectivity.
11-2), only one client can be connected to the 802.1x-enabled switch port. The
shows 802.1x port-based authentication in a wireless LAN. In this mode, only one of the
Multiple Host Mode Example
Access point
Chapter 10
Configuring IEEE 802.1x Port-Based Authentication
Authentication
server
(RADIUS)
Figure 10-5 on
OL-9775-08
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
