Cisco Systems 2960 Manual De Usuario
10-8
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Authentication Manager
In Cisco IOS Release 12.2(46)SE and earlier, you could not use the same authorization methods, including
CLI commands and messages, on this switch and also on other network devices, such as a Catalyst 6000.
You had to use separate authentication configurations. Cisco IOS Release 12.2(50)SE and later supports
the same authorization methods on all Catalyst switches in a network.
CLI commands and messages, on this switch and also on other network devices, such as a Catalyst 6000.
You had to use separate authentication configurations. Cisco IOS Release 12.2(50)SE and later supports
the same authorization methods on all Catalyst switches in a network.
Cisco IOS Release 12.2(55)SE supports filtering verbose system messages from the authentication
manager. For details, see the
manager. For details, see the
•
•
•
Port-Based Authentication Methods
•
Single host–Only one data or voice host (client) can be authenticated on a port.
•
Multiple host–Multiple data hosts can be authenticated on the same port. (If a port becomes
unauthorized in multiple-host mode, the switch denies network access to all of the attached clients.)
unauthorized in multiple-host mode, the switch denies network access to all of the attached clients.)
•
Multidomain authentication (MDA) –Both a data device and voice device can be authenticated on
the same switch port. The port is divided into a data domain and a voice domain.
the same switch port. The port is divided into a data domain and a voice domain.
•
Multiple authentication–Multiple hosts can authenticate on the data VLAN. This mode also allows
one client on the VLAN if a voice VLAN is configured.
one client on the VLAN if a voice VLAN is configured.
Table 10-1
802.1x Features
Authentication method
Mode
Single Host
Multiple Host
MDA
1
Multiple
Authentication
Authentication
2
802.1x
VLAN assignment
Per-user ACL
Filter-ID attribute
Downloadable
ACL
ACL
3
Redirect URL
3
VLAN assignment
Per-user ACL
Filter-ID attribute
Downloadable
ACL
ACL
4
Redirect URL
3
VLAN assignment
Per-user ACL
3
Filter-Id attribute
3
Downloadable
ACL
ACL
3
Redirect URL
3
Per-user ACL
3
Filter-Id attribute
3
Downloadable
ACL
ACL
3
Redirect URL
3
MAC authentication bypass
VLAN assignment
Per-user ACL
Filter-ID attribute
Downloadable
ACL
ACL
3
Redirect URL
3
VLAN assignment
Per-user ACL
Filter-ID attribute
Downloadable
ACL
ACL
3
Redirect URL
3
VLAN assignment
Per-user ACL
3
Filter-Id attribute
3
Downloadable
ACL
ACL
3
Redirect URL
3
Per-user ACL
3
Filter-Id attribute
3
Downloadable
ACL
ACL
3
Redirect URL
3
Standalone web authentication
4
Proxy ACL, Filter-Id attribute, downloadable ACL
2