Ports In Authorized And Unauthorized States - Cisco Catalyst 2960-X Security Configuration Manual

Cisco IOS Release 15.0(2)EX

Configuring IEEE 802.1x Port-Based Authentication
(Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX, OL-29048-01, page 270)

Table 25: Authentication Manager Commands and Earlier 802.1x Commands

| The authentication manager commands in Cisco IOS Release 12.2(50)SE or later | The equivalent 802.1x commands in Cisco IOS Release 12.2(46)SE and earlier | Description |
| --- | --- | --- |
| authentication control-direction {both \| in} | dot1x control-direction {both \| in} | Enable 802.1x authentication with the wake-on-LAN (WoL) feature, and configure the port control as unidirectional or bidirectional. |
| authentication event | dot1x auth-fail vlan | Enable the restricted VLAN on a port. |
| authentication event | dot1x critical (interface configuration) | Enable the inaccessible-authentication-bypass feature. |
| authentication event | dot1x guest-vlan | Specify an active VLAN as an 802.1x guest VLAN. |
| authentication fallback fallback-profile | dot1x fallback fallback-profile | Configure a port to use web authentication as a fallback method for clients that do not support 802.1x authentication. |
| authentication host-mode [multi-auth \| multi-domain \| multi-host \| single-host] | dot1x host-mode {single-host \| multi-host \| multi-domain} | Allow a single host (client) or multiple hosts on an 802.1x-authorized port. |
| authentication order | mab | Provides the flexibility to define the order of authentication methods to be used. |
| authentication periodic | dot1x reauthentication | Enable periodic re-authentication of the client. |
| authentication port-control {auto \| force-authorized \| force-unauthorized} | dot1x port-control {auto \| force-authorized \| force-unauthorized} | Enable manual control of the authorization state of the port. |
| authentication timer | dot1x timeout | Set the 802.1x timers. |
| authentication violation {protect \| restrict \| shutdown} | dot1x violation-mode {shutdown \| restrict \| protect} | Configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port. |

Ports in Authorized and Unauthorized States

During 802.1x authentication, depending on the switch port state, the switch can grant a client access to the network. The port starts in the unauthorized state. While in this state, a port that is not configured as a voice VLAN port disallows all ingress and egress traffic except for 802.1x authentication, CDP, and STP packets.
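The command pairs in Table 25 can drive a configuration audit. The following Python code is an added example, not taken from the Cisco guide: it scans interface stanzas for the earlier dot1x-prefixed commands, reports the authentication manager command the table lists for each, and flags ports set to force-authorized. The sample configuration, its interface names and VLAN number, and the `audit` function are constructed for illustration.

```python
import re

# Earlier 802.1x command prefix -> authentication manager command, from Table 25.
LEGACY_TO_AUTH_MANAGER = {
    "dot1x control-direction": "authentication control-direction",
    "dot1x auth-fail vlan": "authentication event",
    "dot1x critical": "authentication event",
    "dot1x guest-vlan": "authentication event",
    "dot1x fallback": "authentication fallback",
    "dot1x host-mode": "authentication host-mode",
    "dot1x reauthentication": "authentication periodic",
    "dot1x port-control": "authentication port-control",
    "dot1x timeout": "authentication timer",
    "dot1x violation-mode": "authentication violation",
}
FORCE_AUTHORIZED = re.compile(r"(dot1x|authentication) port-control force-authorized")

# Constructed sample input, not taken from a real switch.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x guest-vlan 30
!
interface GigabitEthernet1/0/2
 authentication port-control force-authorized
!
interface GigabitEthernet1/0/3
 authentication port-control auto
 authentication periodic
"""

def audit(config_text):
    """Return (interface, kind, line, note) tuples for one configuration text."""
    findings, interface = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif not raw.startswith(" "):
            interface = None  # any other unindented line ends the stanza
        elif interface:
            for legacy, modern in LEGACY_TO_AUTH_MANAGER.items():
                if line.startswith(legacy):
                    findings.append((interface, "legacy", line, "use: " + modern))
            if FORCE_AUTHORIZED.fullmatch(line):
                # force-authorized: port is authorized with no 802.1x exchange
                findings.append((interface, "no-auth", line, "port skips 802.1x"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```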
