Understanding Ieee 802.1X Port-Based Authentication - Cisco Catalyst 2975 Software Configuration Manual

Configuring IEEE 802.1x Port-Based
Authentication
IEEE 802.1x port-based authentication prevents unauthorized devices (clients) from gaining access to
the network. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
The Catalyst 2975 switch command reference and the "RADIUS Commands" section in the Cisco IOS
Security Command Reference, Release 12.2, have command syntax and usage information.
This chapter includes these sections:
•
•
•

Understanding IEEE 802.1x Port-Based Authentication

The standard defines a client-server-based access control and authentication protocol to prevent
unauthorized clients from connecting to a LAN through publicly accessible ports.The authentication
server authenticates each client connected to a switch port before making available any switch or LAN
services.
Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication
Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP)
traffic through the port to which the client is connected. After authentication, normal traffic passes
through the port.
•
•
•
•
•
•
•
•
•
•
OL-19720-02
Understanding IEEE 802.1x Port-Based Authentication, page 10-1
Configuring 802.1x Authentication, page 10-32
Displaying 802.1x Statistics and Status, page 10-67
Device Roles, page 10-2
Authentication Process, page 10-3
Authentication Initiation and Message Exchange, page 10-5
Authentication Manager, page 10-7
Ports in Authorized and Unauthorized States, page 10-10
802.1x Authentication and Switch Stacks, page 10-11
802.1x Host Mode, page 10-12
Multidomain Authentication, page 10-12
802.1x Multiple Authentication Mode, page 10-13
MAC Move, page 10-14
C H A P T E R
Catalyst 2975 Switch Software Configuration Guide
10
10-1