Cisco IE 3000 Switch Software Configuration Guide, OL-13018-03
Chapter 12
Configuring IEEE 802.1x Port-Based Authentication
IEEE 802.1x port-based authentication prevents unauthorized devices (clients) from gaining access to
the network.
For command syntax and usage information, see the IE 3000 switch command reference and the
“RADIUS Commands” section in the Cisco IOS Security Command Reference, Release 12.2.
• Understanding IEEE 802.1x Port-Based Authentication
• Configuring 802.1x Authentication
• Displaying 802.1x Statistics and Status
Understanding IEEE 802.1x Port-Based Authentication
The IEEE 802.1x standard defines a client-server-based access control and authentication protocol that
prevents clients from connecting to a LAN through publicly accessible ports unless they are
authenticated. The authentication server authenticates each client connected to a switch port before
any switch or LAN services are made available.
Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication
Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP)
traffic through the port to which the client is connected. After authentication, normal traffic passes
through the port.
• Device Roles
• Authentication Process
• Authentication Initiation and Message Exchange
• Authentication Manager
• Ports in Authorized and Unauthorized States
• 802.1x Host Mode
• Multidomain Authentication
• 802.1x Multiple Authentication Mode
• 802.1x Accounting
• 802.1x Accounting Attribute-Value Pairs
• 802.1x Readiness Check