9-22
Cisco Catalyst Blade Switch 3120 for HP Software Configuration Guide
OL-12247-01
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
For example:
proxyacl# 10=permit ip any 10.0.0.0 255.0.0.0
proxyacl# 20=permit ip any 11.1.0.0 255.255.0.0
proxyacl# 30=permit udp any any eq syslog
proxyacl# 40=permit udp any any eq tftp
Note
The proxyacl entry determines the type of allowed network access.
For more information, see the “Configuring Web Authentication” section on page 9-42.
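The proxyacl entries above, parsed and reviewed before they are assigned to users. This is an added example, not part of the Cisco guide: the entry grammar is assumed from the four lines shown, the address and mask are kept as written without interpretation, and the function names and the constructed entries are hypothetical.

```python
import re

# Grammar assumed from the entries shown in the guide; not a full IOS ACL parser.
ENTRY_RE = re.compile(r"^proxyacl#\s*(\d+)\s*=\s*(\S+)\s+(\S+)\s+(.+)$")

PAGE_ENTRIES = [  # the four entries from the guide
    "proxyacl# 10=permit ip any 10.0.0.0 255.0.0.0",
    "proxyacl# 20=permit ip any 11.1.0.0 255.255.0.0",
    "proxyacl# 30=permit udp any any eq syslog",
    "proxyacl# 40=permit udp any any eq tftp",
]
CONSTRUCTED = [  # constructed entries that a review should flag
    "proxyacl# 10=permit ip any any",
    "proxyacl# 10=permit udp any any eq tftp",
]

def take_endpoint(tokens):
    """Consume 'any' or '<address> <mask>' from the front of tokens."""
    if not tokens:
        raise ValueError("missing endpoint")
    if tokens[0] == "any":
        return "any", tokens[1:]
    if len(tokens) < 2:
        raise ValueError("address without mask")
    return f"{tokens[0]} {tokens[1]}", tokens[2:]  # mask kept verbatim

def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a proxyacl entry: {line!r}")
    seq, action, proto, rest = m.groups()
    src, tokens = take_endpoint(rest.split())
    dst, tokens = take_endpoint(tokens)
    port = tokens[1] if len(tokens) == 2 and tokens[0] == "eq" else None
    if tokens and port is None:
        raise ValueError(f"unexpected trailing tokens: {tokens}")
    return {"seq": int(seq), "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def review(lines):
    """Return (entries sorted by sequence number, list of findings)."""
    entries, findings, seen = [], [], set()
    for line in lines:
        e = parse_entry(line)
        if e["seq"] in seen:
            findings.append(f"{e['seq']}: duplicate sequence number")
        seen.add(e["seq"])
        if e["action"] == "permit" and e["dst"] == "any" and e["port"] is None:
            findings.append(f"{e['seq']}: permits {e['proto']} to any destination with no port restriction")
        entries.append(e)
    return sorted(entries, key=lambda e: e["seq"]), findings
```
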
Web Authentication with Automatic MAC Check
You can use web authentication with automatic MAC check to authenticate a client that does not support
IEEE 802.1x or web browser functionality. This allows end hosts, such as printers, to automatically
authenticate by using the MAC address without any additional required configuration.
Web authentication with automatic MAC check only works in web authentication standalone mode. You
cannot use this if web authentication is configured as a fallback to IEEE 802.1x authentication.
The MAC address of the device must be configured in the Access Control Server (ACS) for the automatic
MAC check to succeed. The automatic MAC check allows managed devices, such as printers, to skip
web authentication.
Note
The interoperability of web authentication (with automatic MAC check) and IEEE 802.1x MAC
authentication configured on different ports of the same switch is not supported.
Configuring IEEE 802.1x Authentication
These sections contain this configuration information:
• Default IEEE 802.1x Authentication Configuration, page 9-23
• IEEE 802.1x Authentication Configuration Guidelines, page 9-24
• Configuring IEEE 802.1x Authentication, page 9-26 (required)
• Configuring the Switch-to-RADIUS-Server Communication, page 9-28 (required)
• Configuring the Host Mode, page 9-29 (optional)
• Configuring Periodic Re-Authentication, page 9-30 (optional)
• Manually Re-Authenticating a Client Connected to a Port, page 9-30 (optional)
• Changing the Quiet Period, page 9-31 (optional)
• Changing the Switch-to-Client Retransmission Time, page 9-31 (optional)
• Setting the Switch-to-Client Frame-Retransmission Number, page 9-32 (optional)
• Setting the Re-Authentication Number, page 9-33 (optional)
• Configuring IEEE 802.1x Accounting, page 9-33 (optional)
• Configuring a Guest VLAN, page 9-34 (optional)
• Configuring a Restricted VLAN, page 9-35 (optional)
• Configuring the Inaccessible Authentication Bypass Feature, page 9-37 (optional)