Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide, Rel. 12.2(25)SEF1
OL-8915-01
Chapter 7 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
MAC Authentication Bypass
These are the MAC authentication bypass configuration guidelines:
• Unless otherwise stated, the MAC authentication bypass guidelines are the same as the IEEE 802.1x
authentication guidelines. For more information, see the “IEEE 802.1x Authentication” section on
page 7-20.
• If you disable MAC authentication bypass from a port after the port has been authorized with its
MAC address, the port state is not affected.
• If the port is in the unauthorized state and the client MAC address is not in the authentication-server
database, the port remains in the unauthorized state. However, if the client MAC address is added to
the database, the switch can use MAC authentication bypass to re-authorize the port.
• If the port is in the authorized state, the port remains in this state until re-authorization occurs.
Configuring IEEE 802.1x Authentication
To configure IEEE 802.1x port-based authentication, you must enable authentication, authorization, and
accounting (AAA) and specify the authentication method list. A method list describes the sequence and
authentication method to be queried to authenticate a user.
To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the
switch for all network-related service requests.
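As an added example (not part of the Cisco guide), this Python sketch audits a saved running-config for the prerequisites named above: AAA enabled, an 802.1x authentication method list, and AAA authorization for network services when per-user ACLs or VLAN assignment are used. The sample config is constructed, the function names are hypothetical, and the `aaa authentication dot1x`, `aaa authorization network`, and `dot1x port-control auto` commands are standard IOS commands that are not shown on this page.

```python
import re

# Constructed sample running-config (not from the guide). Gi0/2 enforces 802.1x;
# AAA authorization for network services is deliberately missing.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
 dot1x port-control auto
!
"""

def audit_dot1x(config: str, needs_vlan_or_acl: bool = True) -> list[str]:
    """Return the AAA prerequisites missing from an IOS running-config."""
    lines = [l.rstrip() for l in config.splitlines()]
    # Global commands are unindented; interface sub-commands start with a space.
    global_cmds = [l for l in lines if l and not l.startswith((" ", "!"))]
    findings = []
    if "aaa new-model" not in global_cmds:
        findings.append("AAA is not enabled (aaa new-model)")
    if not any(re.match(r"aaa authentication dot1x \S+ \S+", l) for l in global_cmds):
        findings.append("no 802.1x authentication method list")
    if needs_vlan_or_acl and not any(
        re.match(r"aaa authorization network \S+ \S+", l) for l in global_cmds
    ):
        findings.append("no AAA authorization for network services")
    return findings

def dot1x_ports(config: str) -> list[str]:
    """List interfaces that carry 'dot1x port-control auto'."""
    ports, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current and line.strip() == "dot1x port-control auto":
            ports.append(current)
    return ports

if __name__ == "__main__":
    print("802.1x ports:", dot1x_ports(SAMPLE_CONFIG))
    print("missing:", audit_dot1x(SAMPLE_CONFIG))
```

Pass `needs_vlan_or_acl=False` for switches where the RADIUS server never returns VLAN or ACL attributes, so the authorization check is skipped.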
This is the IEEE 802.1x AAA process:
Step 1 A user connects to a port on the switch.
Step 2 Authentication is performed.
Step 3 VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
Step 4 The switch sends a start message to an accounting server.
Step 5 Re-authentication is performed, as necessary.
Step 6 The switch sends an interim accounting update to the accounting server that is based on the result of
re-authentication.
Step 7 The user disconnects from the port.
Step 8 The switch sends a stop message to the accounting server.
Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1x port-based
authentication:
         Command               Purpose
Step 1   configure terminal    Enter global configuration mode.
Step 2   aaa new-model         Enable AAA.