Cisco Systems 3130 User Manual

9-22

Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide

OL-13270-01

Chapter 9 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

For example:

proxyacl# 10=permit ip any 10.0.0.0 255.0.0.0

proxyacl# 20=permit ip any 11.1.0.0 255.255.0.0

proxyacl# 30=permit udp any any eq syslog

proxyacl# 40=permit udp any any eq tftp

Note

The proxyacl entry determines the type of allowed network access.

For more information, see the

“Configuring Web Authentication” section on page 9-42

Web Authentication with Automatic MAC Check

You can use web authentication with automatic MAC check to authenticate a client that does not support
IEEE 802.1x or web browser functionality. This allows end hosts, such as printers, to automatically
authenticate by using the MAC address without any additional required configuration.

Web authentication with automatic MAC check only works in web authentication standalone mode. You
cannot use this if web authentication is configured as a fallback to IEEE 802.1x authentication.

The MAC address of the device must be configured in the Access Control Server (ACS) for the automatic
MAC check to succeed. The automatic MAC check allows managed devices, such as printers, to skip
web authentication.

Note

The interoperability of web authentication (with automatic MAC check) and IEEE 802.1x MAC
authentication configured on different ports of the same switch is not supported.

Configuring IEEE 802.1x Authentication

These sections contain this configuration information:

•

Default IEEE 802.1x Authentication Configuration, page 9-23

•

IEEE 802.1x Authentication Configuration Guidelines, page 9-24

•

Configuring IEEE 802.1x Authentication, page 9-26

(required)

•

Configuring the Switch-to-RADIUS-Server Communication, page 9-28

(required)