Manualshelf

White Paper

ManualsBrandsCisco ManualsSwitchesCisco Catalyst 3650-48TD-E Switch
12345678910
© 2015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information
Page 8 of 19
White Paper
Critical Voice VLAN for new and existing session on MA and MDA ports with local re-
auth timer configured
Existing pre-Critical Auth authorized clients still authorized with local/user profile and
continue to send traffic with un-reachable AAA
Re-trigger authentication for Critical Auth session when AAA becomes alive
Client get new IP during DHCP renew on MA and MDA ports - traffic is allowed from
clients as per DCAL policy
Idle timeout change on ISE for existing sessions for various timeout values
Inactivity timeout for existing sessions for various timeout values
Authorize multiple users on same MA port with various DACL and Filter-Id name lengths
Clear auth session on switch stack when authentication/authorization in progress
Multiple Linksec sessions on MA ports
Host mode changes from Single-Host (SH) > Multi-domain > Multi-Host (MH) > Multi-
authentication
Re-apply same interface template multiple times on same MA and MDA ports
Re-apply same service template multiple times on same MA and MDA ports
Logout Window Disabled, Success Window Disabled on iPad, Android and Windows
devices with Webauth, Consent and Webconsent
Webauth with Virtual IP and Virtual Host Virtual Host is seen in URL redirect
Intercept-https-disabled HTTPS should not redirect
Un-configure policy map for authenticated session Devices should not allow
Custom Webauth, Consent, and Webconsent with image name length greater than
custom page name length for login, success and failure pages
Centralized Web Authentication (CWA) with Dot1X
Webauth DACL with Change of Authorization (CoA)
2000 HTTP/HTTPS invalid/empty credentials
Empty username and password in Apple and Android devices
Change Virtual IP (VIP) for authenticated session and logout
Convert Legacy Authentication (authentication convert new-style)
Webauth after MAP authorization
Accounting start, stop and update records
Perform IOS upgrade (ISSU) from various releases to 3.6.3 (15.2(2)E3)
Scale, Performance and Longevity Use Cases
1000 Dot1X sessions, 1000 MAB sessions - sessions, memory (Auth Mgr, Dot1X, EPM,
FED, FFM) and CPU validated
Download large DACL (64 ACEs) for multiple Dot1X users on Single MA port
2048 open TCP connections with Webauth clients
Centralized Web Authentication (CWA) with 2048 bytes redirect URL length with second
mac-filtering - URL should be automatically redirected