Common Session Id; Configuring 802.1X Authentication - Cisco Catalyst 2975 Software Configuration Manual

IOS Release 12.2(55)SE

Configuring 802.1x Authentication

Only IP standard and IP extended port ACLs from the ACS support the Filter-Id attribute. It specifies the
name or number of an ACL. The Filter-Id attribute can also specify the direction (inbound or outbound)
and a user or a group to which the user belongs.
- The Filter-Id attribute for the user takes precedence over that for the group.
- If a Filter-Id attribute from the ACS specifies an ACL that is already configured, it takes precedence
  over a user-configured ACL.
- If the RADIUS server sends more than one Filter-Id attribute, only the last attribute is applied.
If the Filter-Id attribute is not defined on the switch, authentication fails, and the port returns to the
unauthorized state.

Common Session ID

Authentication manager uses a single session ID (referred to as a common session ID) for a client no
matter which authentication method is used. This ID is used for all reporting purposes, such as the show
commands and MIBs. The session ID appears with all per-session syslog messages.
The session ID includes:
- The IP address of the Network Access Device (NAD)
- A monotonically increasing unique 32 bit integer
- The session start time stamp (a 32 bit integer)
This example shows how the session ID appears in the output of the show authentication command.
The session ID in this example is 160000050000000B288508E5:

Switch# show authentication sessions
Interface  MAC Address     Method  Domain  Status         Session ID
Fa4/0/4    0000.0000.0203  mab     DATA    Authz Success  160000050000000B288508E5

This is an example of how the session ID appears in the syslog output. The session ID in this example
is also 160000050000000B288508E5:

1w0d: %AUTHMGR-5-START: Starting 'mab' for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
1w0d: %MAB-5-SUCCESS: Authentication successful for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
1w0d: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5

The session ID is used by the NAD, the AAA server, and other report-analyzing applications to identify
the client. The ID appears automatically. No configuration is required.

Configuring 802.1x Authentication

These sections contain this configuration information:
- Default 802.1x Authentication Configuration, page 10-33
- 802.1x Authentication Configuration Guidelines, page 10-35
- Configuring 802.1x Readiness Check, page 10-37 (optional)
- Configuring Voice Aware 802.1x Security, page 10-38 (optional)

Catalyst 2975 Switch Software Configuration Guide, OL-19720-02, Chapter 10: Configuring IEEE 802.1x Port-Based Authentication, page 10-32
