Cisco Systems DOC-7814982 Stereo System User Manual

Open as PDF

of 648

8-3

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 8 Configuring 802.1X Port-Based Authentication

Understanding 802.1X Port-Based Authentication

Authentication Initiation and Message Exchange

The switch or the client can initiate authentication. If you enable authentication on a port by using the

dot1x port-control auto interface configuration command, the switch must initiate authentication when

it determines that the port link state transitions from down to up. It then sends an EAP-request/identity

frame to the client to request its identity (typically, the switch sends an initial identity/request frame

followed by one or more requests for authentication information). Upon receipt of the frame, the client

responds with an EAP-response/identity frame.

However, if during bootup, the client does not receive an EAP-request/identity frame from the switch,

the client can initiate authentication by sending an EAPOL-start frame, which prompts the switch to

request the client’s identity.

Note If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the client

are dropped. If the client does not receive an EAP-request/identity frame after three attempts to start

authentication, the client sends frames as if the port is in the authorized state. A port in the authorized

state effectively means that the client has been successfully authenticated. For more information, see the

“Ports in Authorized and Unauthorized States” section on page 8-4.

When the client supplies its identity, the switch begins its role as the intermediary, passing EAP frames

between the client and the authentication server until authentication succeeds or fails. If the

authentication succeeds, the switch port becomes authorized. For more information, see the “Ports in

Authorized and Unauthorized States” section on page 8-4.

The specific exchange of EAP frames depends on the authentication method being used. Figure 8-2

shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication

method with a RADIUS server.

Figure 8-2 Message Exchange

Client

Catalyst 2950 or 3550 switch

Port Authorized

Port Unauthorized

EAPOL-Start

EAP-Request/Identity

EAP-Response/Identity

EAP-Request/OTP

EAP-Response/OTP

EAP-Success

RADIUS Access-Request

RADIUS Access-Challenge

RADIUS Access-Request

RADIUS Access-Accept

EAPOL-Logoff

Authentication

server

(RADIUS)

74616

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems DOC-7814982 Stereo System User Manual