Cisco Systems 3560 사용자 설명서
10-31
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
802.1x Authentication Configuration Guidelines
These section has configuration guidelines for these features:
•
•
•
•
802.1x Authentication
These are the 802.1x authentication configuration guidelines:
•
When 802.1x authentication is enabled, ports are authenticated before any other Layer 2 or Layer 3
features are enabled.
features are enabled.
•
If you try to change the mode of an 802.1x-enabled port (for example, from access to trunk), an error
message appears, and the port mode is not changed.
message appears, and the port mode is not changed.
•
If the VLAN to which an 802.1x-enabled port is assigned changes, this change is transparent and
does not affect the switch. For example, this change occurs if a port is assigned to a RADIUS
server-assigned VLAN and is then assigned to a different VLAN after re-authentication.
does not affect the switch. For example, this change occurs if a port is assigned to a RADIUS
server-assigned VLAN and is then assigned to a different VLAN after re-authentication.
If the VLAN to which an 802.1x port is assigned to shut down, disabled, or removed, the port
becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port
is assigned shuts down or is removed.
becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port
is assigned shuts down or is removed.
Maximum retransmission number
2 times (number of times that the switch will send an EAP-request/identity
frame before restarting the authentication process).
frame before restarting the authentication process).
Client timeout period
30 seconds (when relaying a request from the authentication server to the
client, the amount of time the switch waits for a response before resending the
request to the client.)
client, the amount of time the switch waits for a response before resending the
request to the client.)
Authentication server timeout period
30 seconds (when relaying a response from the client to the authentication
server, the amount of time the switch waits for a reply before resending the
response to the server.)
server, the amount of time the switch waits for a reply before resending the
response to the server.)
You can change this timeout period by using the authentication timer server
or dot1x timeout server-timeout interface configuration command.
or dot1x timeout server-timeout interface configuration command.
Inactivity timeout
Disabled.
Guest VLAN
None specified.
Inaccessible authentication bypass
Disabled.
Restricted VLAN
None specified.
Authenticator (switch) mode
None specified.
MAC authentication bypass
Disabled.
Voice-aware security
Disabled
Table 10-4
Default 802.1x Authentication Configuration (continued)
Feature
Default Setting