Cisco Systems ME 3400 Switch User Manual

Open as PDF

of 1086

8-6

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide

OL-9639-06

Chapter 8 Configuring IEEE 802.1x Port-Based Authentication

Understanding IEEE 802.1x Port-Based Authentication

You can view the AV pairs that are being sent by the switch by enabling the debug radius accounting

or debug aaa accounting privileged EXEC commands. For more information about these commands,

see the Cisco IOS Debug Command Reference, Release 12.2 at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122sup/122debug/

See RFC 3580, “IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines,”

for more information about AV pairs.

IEEE 802.1x Host Mode

You can configure an IEEE 802.1x port for single-host or for multiple-hosts mode. In single-host mode

(see

Figure 8-1 on page 8-2), only one client can be connected to the IEEE 802.1x-enabled switch port.

The switch detects the client by sending an EAPOL frame when the port link state changes to the up

state. If a client leaves or is replaced with another client, the switch changes the port link state to down,

and the port returns to the unauthorized state.

In multiple-hosts mode, you can attach multiple hosts to a single IEEE 802.1x-enabled port. Figure 8-3

on page 8-7 shows IEEE 802.1x port-based authentication in a wireless LAN. In this mode, only one of

the attached clients must be authorized for all clients to be granted network access. If the port becomes

unauthorized (re-authentication fails or an EAPOL-logoff message is received), the switch denies

network access to all of the attached clients. In this topology, the wireless access point is responsible for

authenticating the clients attached to it, and it also acts as a client to the switch.

With the multiple-hosts mode enabled, you can use IEEE 802.1x to authenticate the port and port

security to manage network access for all MAC addresses, including that of the client.

Attribute[40] Acct-Status-Type

Attribute[41] Acct-Delay-Time

Attribute[42] Acct-Input-Octets

Attribute[43] Acct-Output-Octets

Attribute[44] Acct-Session-ID

Attribute[45] Acct-Authentic

Attribute[46] Acct-Session-Time

Attribute[49] Acct-Terminate-Cause

Table 8-1 Accounting AV Pairs (continued)

Attribute number AV pair name

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems ME 3400 Switch User Manual