Cisco Systems WSC4500X16SFP User Manual
29-13
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication
How to Configure 802.1X
• When 802.1X is configured on a port, you cannot connect multiple IP-phones to a Catalyst 4500
series switch through a hub.
• Because voice VLANs cannot be configured as private VLAN host ports, and because only private
VLANs can be assigned to private VLAN host ports, VLAN assignment cannot assign a private
VLAN to a port with a voice VLAN configured.
Supported Topologies
The 802.1X port-based authentication supports two topologies:
• Point to point
• Wireless LAN
In a point-to-point configuration (see ), only one client can be connected to the
802.1X-enabled switch port when the multi-host mode is not enabled (the default). The switch detects
the client when the port link state changes to the up state. If a client leaves or is replaced with another
client, the switch changes the port link state to down, and the port returns to the unauthorized state.
802.1X port as a multiple-host port that is authorized as a wireless access point once the client is
authenticated. (See the .) When the port is authorized,
all other hosts that are indirectly attached to the port are granted access to the network. If the port
becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), the switch
denies access to the network for all wireless access point-attached clients. In this topology, the wireless
access point is responsible for authenticating clients attached to it, and the wireless access point acts as
a client to the switch.
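The authorization behaviour described above, as an added example that is not taken from the Cisco guide: a simplified Python model of one port in the default single-host mode and in multi-host mode, with a minimal EAPOL header parser for the EAPOL-logoff case. The `Port` class, the MAC addresses and the sample frame are constructed for illustration, and filtering on the source MAC in single-host mode is a modelling assumption.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_LOGOFF = 2  # IEEE 802.1X packet types: 0 EAP-Packet, 1 Start, 2 Logoff

def eapol_type(frame: bytes):
    """Return the EAPOL packet type of an Ethernet frame, or None if it is not EAPOL."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    ethertype, _version, ptype, _length = struct.unpack("!HBBH", frame[12:18])
    return ptype if ethertype == EAPOL_ETHERTYPE else None

class Port:
    """Simplified model of one 802.1X-enabled switch port (assumption, not IOS code)."""
    def __init__(self, multi_host=False):
        self.multi_host = multi_host
        self.authorized = False
        self.supplicant = None  # MAC that completed authentication

    def auth_success(self, mac):
        self.authorized, self.supplicant = True, mac

    def unauthorize(self):  # reauthentication failure or link down
        self.authorized, self.supplicant = False, None

    def receive(self, frame: bytes):
        if eapol_type(frame) == EAPOL_LOGOFF:
            self.unauthorize()

    def permits(self, src_mac):
        """Multi-host: one authenticated client opens the port for every host behind it."""
        if not self.authorized:
            return False
        return self.multi_host or src_mac == self.supplicant

# Constructed sample data: access point MAC, two wireless clients, one EAPOL-Logoff frame.
AP, CLIENT_A, CLIENT_B = "00:11:22:33:44:55", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
LOGOFF = bytes.fromhex("0180c2000003" "001122334455" "888e" "01" "02" "0000")

def demo():
    single, multi = Port(), Port(multi_host=True)
    for p in (single, multi):
        p.auth_success(AP)
    before = [single.permits(CLIENT_A), multi.permits(CLIENT_A), multi.permits(CLIENT_B)]
    multi.receive(LOGOFF)
    after = [multi.permits(AP), multi.permits(CLIENT_A)]
    return before, after

if __name__ == "__main__":
    print(demo())
```

In the model, the multi-host port admits both wireless clients once the access point has authenticated, and a single EAPOL-Logoff frame cuts off the access point and every client behind it.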
Figure 29-4 Wireless LAN Example
How to Configure 802.1X
These sections describe how to configure 802.1X:
•
•
•
(required)
•
(required)
[Figure 29-4 labels: Wireless clients, Wireless access point, Catalyst 4500 Network Access Switch, RADIUS; roles shown: Supplicants, Authenticator, Authentication server]