802.1X Authentication Configuration Guidelines; 802.1X Authentication - Cisco Catalyst 2960-X Security Configuration Manual
Cisco ios release 15.0(2)ex
Hide thumbs
Also See for Catalyst 2960-X:
- Command reference manual (135 pages) ,
- Hardware installation manual (34 pages) ,
- Getting started manual (25 pages)
Table of Contents
Advertisement
802.1x Authentication Configuration Guidelines
Feature
Authentication server timeout period
Inactivity timeout
Guest VLAN
Inaccessible authentication bypass
Restricted VLAN
Authenticator (switch) mode
MAC authentication bypass
Voice-aware security
802.1x Authentication Configuration Guidelines
802.1x Authentication
These are the 802.1x authentication configuration guidelines:
• When 802.1x authentication is enabled, ports are authenticated before any other Layer 2 or Layer 3
• If the VLAN to which an 802.1x-enabled port is assigned changes, this change is transparent and does
• The 802.1x protocol is supported on Layer 2 static-access ports, voice VLAN ports, and Layer 3 routed
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
298
features are enabled.
not affect the switch. For example, this change occurs if a port is assigned to a RADIUS server-assigned
VLAN and is then assigned to a different VLAN after re-authentication.
If the VLAN to which an 802.1x port is assigned to shut down, disabled, or removed, the port becomes
unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned
shuts down or is removed.
ports, but it is not supported on these port types:
◦Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk port.
If you try to enable 802.1x authentication on a dynamic port, an error message appears, and 802.1x
authentication is not enabled. If you try to change the mode of an 802.1x-enabled port to dynamic,
an error message appears, and the port mode is not changed.
◦EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an
EtherChannel as an 802.1x port. If you try to enable 802.1x authentication on an EtherChannel
port, an error message appears, and 802.1x authentication is not enabled.
Configuring IEEE 802.1x Port-Based Authentication
Default Setting
30 seconds (when relaying a response from the client to the
authentication server, the amount of time the switch waits for
a reply before resending the response to the server.)
You can change this timeout period by using the dot1x timeout
server-timeout interface configuration command.
Disabled.
None specified.
Disabled.
None specified.
None specified.
Disabled.
Disabled.
OL-29048-01
Hide quick links:
Advertisement
Table of Contents
