Cisco Cisco Catalyst 2960X-48FPS-L Switch White Paper
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
© 2015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information
Page 6 of 19
White Paper
Authentication and Authorization Use Cases
Local authentication with configured username, password, radius attributes and ACL
Local authentication with different authentication profiles - PEAP/LEAP/TLS/EAP-
FAST/MD5
Remote authentication with various host modes (single-host, multi-host, multi-domain,
multi-auth)
PCs, Laptops, Phones, PC behind phones - data and voice domains configured in same
VLAN and different VLANs
Webauth with gateway for that VLAN terminating on a different switch
Authentication with multiple ISE servers and load balancing
Supplicant Switch authenticates with Authenticator Switch using dot1X over single-host
trunk port with Client Information Signalling Protocol (CISP) enabled
Authentication - client moved from one supplicant switch to another
Authentication and authorization on multiple uplink ports on different ASIC
Change of Authorization (CoA) on Multi-Authentication (MA) and Multi-Domain
Authentication (MDA) ports, single-host and multi-host
Local Web Authentication (LWA) and Centralized Web Authentication (CWA)
Custom Webauth, Consent and Webconsent (login, failure, success) with and without
virtual IP in Apple and Android devices
External Webauth, Consent and Webconsent with fin-wait timer in iPad, Andriod and
Windows devices
Captive Bypass Portal with HTTPS in iPad and Android devices with Webauth, Consent
and Webconsent
Webauth, Consent and Webconsent with and without Virtual IP (VIP)
Extensible Authentication Protocol (EAP) chaining with username and password
EAP chaining with security certificates (TLS)
IPV6 Webauth, Consent, and Webconsent
Port security with voice and data clients
Mac move: Data host moving from one port to another
Host presence: Data host disconnect behind IP phone
SSH / TACACS
PACL, VACL, DACL Use Cases
DACL programmed in hardware for every wired authenticated and authorized client:
Dot1X PC, MAB PC, Dot1X Phones, MAB Phones
DACL programmed in hardware for every wired and wireless authenticated and
authorized client: Two AP with wireless clients connected to ASIC 0 and ASIC 1
Simultaneously download of DACL policies with remark on multiple MA and MDA ports
Per-User ACL for 20 Dot1X users on single MA port