Cisco Systems EA6500 User Manual

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 25      Configuring IEEE 802.1X Port-Based Authentication
802.1X Port-Based Authentication Guidelines and Restrictions
Follow these guidelines and restrictions when configuring 802.1X port-based authentication:

  • When 802.1X is enabled, ports are authenticated before any other Layer 2 or Layer 3 features are enabled.
  • The 802.1X protocol is supported on both Layer 2 static-access ports and Layer 3 routed ports, but it is not supported on these port types:
      – Trunk port—If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not changed.
      – EtherChannel port—Before enabling 802.1X on the port, you must first remove it from the EtherChannel port-channel interface. If you try to enable 802.1X on an EtherChannel port-channel interface or on an individual active port in an EtherChannel, an error message appears, and 802.1X is not enabled. If you enable 802.1X on a not-yet active individual port of an EtherChannel, the port does not join the EtherChannel.
      – Secure port—You cannot configure a secure port as an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.
      – Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination port. You can enable 802.1X on a SPAN source port.
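
The restrictions above can be checked against a saved configuration before 802.1X is rolled out. The following is an added example, not part of the Cisco guide: a Python audit that flags trunk, EtherChannel, secure and SPAN destination ports. The sample configuration is constructed, and the script assumes the full interface names that a running-config prints.

```python
import re

# Constructed running-config excerpt (not from the guide); interface names are made up.
SAMPLE_CONFIG = """\
monitor session 1 destination interface FastEthernet5/4
!
interface FastEthernet5/1
 switchport mode access
 dot1x port-control auto
!
interface FastEthernet5/2
 switchport mode trunk
!
interface FastEthernet5/3
 channel-group 2 mode on
!
interface FastEthernet5/4
 switchport mode access
 dot1x port-control auto
!
interface FastEthernet5/5
 switchport port-security
"""

# Interface sub-commands that conflict with 802.1X, named after the restrictions above.
BLOCKERS = {
    "trunk port": re.compile(r"switchport mode trunk\b"),
    "EtherChannel member": re.compile(r"channel-group \d+"),
    "secure port": re.compile(r"switchport port-security\b"),
}
SPAN_DST = re.compile(r"monitor session \d+ destination interface (\S+)")

def audit(config):
    """Map each interface to the reasons 802.1X cannot be active on it."""
    findings, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
        elif raw.startswith(" ") and current:
            for reason, pattern in BLOCKERS.items():
                if pattern.match(line) and reason not in findings.get(current, []):
                    findings.setdefault(current, []).append(reason)
        else:
            current = None
            span = SPAN_DST.match(line)
            if span:  # 802.1X stays disabled while the port is a SPAN destination
                findings.setdefault(span.group(1), []).append("SPAN destination")
    return findings
```

In the sample, FastEthernet5/4 carries an 802.1X command yet is reported, because a SPAN destination port keeps 802.1X disabled until the SPAN session is removed.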

Table 25-1 Default 802.1X Configuration (continued)

| Feature | Default Setting |
| --- | --- |
| Retransmission time | 30 seconds (number of seconds that the switch should wait for a response to an EAP request/identity frame from the client before retransmitting the request) |
| Maximum retransmission number | 2 times (number of times that the switch will send an EAP-request/identity frame before restarting the authentication process) |
| Multiple host support | Disabled |
| Client timeout period | 30 seconds (when relaying a request from the authentication server to the client, the amount of time the switch waits for a response before retransmitting the request to the client) |
| Authentication server timeout period | 30 seconds (when relaying a response from the client to the authentication server, the amount of time the switch waits for a reply before retransmitting the response to the server) |