Users Guide
14 Contents
Authentication . . . . . . . . . . . . . . . . . . . . . . 293
Authentication Access Types
. . . . . . . . . . . 293
Authentication Manager
. . . . . . . . . . . . . . 294
Using RADIUS
. . . . . . . . . . . . . . . . . . . . 303
Using TACACS+
. . . . . . . . . . . . . . . . . . 308
Dynamic ACL Overview
. . . . . . . . . . . . . . . 310
Authentication Examples
. . . . . . . . . . . . . . 317
Public Key SSH Authentication Example
. . . . . . 325
Associating a User With an SSH Key
. . . . . . . . 334
Authorization
. . . . . . . . . . . . . . . . . . . . . . . 336
Exec Authorization Capabilities
. . . . . . . . . . . 336
Authorization Examples
. . . . . . . . . . . . . . . 338
RADIUS Change of Authorization
. . . . . . . . . . 340
TACACS Authorization
. . . . . . . . . . . . . . . 344
Accounting
. . . . . . . . . . . . . . . . . . . . . . . . 348
RADIUS Accounting
. . . . . . . . . . . . . . . . 348
IEEE 802.1X
. . . . . . . . . . . . . . . . . . . . . . . . 351
What is IEEE 802.1X?
. . . . . . . . . . . . . . . . 351
What are the 802.1X Port Authentication Modes?
. 352
What are Authentication Host Modes
. . . . . . . 353
What is MAC Authentication Bypass?
. . . . . . . 354
What is the Role of 802.1X in VLAN Assignment?
. 356
What is Monitor Mode?
. . . . . . . . . . . . . . . 360
How Does the Authentication Server Assign
DiffServ Policy or ACLs?
. . . . . . . . . . . . . . 362
What is the Internal Authentication Server?
. . . . 362
Default 802.1X Values
. . . . . . . . . . . . . . . . 363
Configuring IEEE 802.1X (Web)
. . . . . . . . . . . 364
Captive Portal
. . . . . . . . . . . . . . . . . . . . . . 388
Captive Portal Overview
. . . . . . . . . . . . . . 388
Default Captive Portal Behavior and Settings
. . . 396