Understanding IEEE 802.1x Port-Based Authentication
Figure 10-6
1
1
3
5
Guidelines
•
•
•
For more information, see the
section on page
Voice Aware 802.1x Security
You use the voice aware 802.1x security feature to configure the switch to disable only the VLAN on
which a security violation occurs, whether it is a data or voice VLAN. In previous releases, when an
attempt to authenticate the data client caused a security violation, the entire port shut down, resulting in
a complete loss of connectivity.
You can use this feature in IP phone deployments where a PC is connected to the IP phone. A security
violation found on the data VLAN results in the shutdown of only the data VLAN. The traffic on the
voice VLAN flows through the switch without interruption.
For information on configuring voice aware 802.1x security, see the
Security" section on page
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
10-32
Authenticator and Supplicant Switch using CISP
Workstations (clients)
Authenticator switch
Trunk port
You can configure NEAT ports with the same configurations as the other authentication ports. When
the supplicant switch authenticates, the port mode is changed from access to trunk based on the
switch vendor-specific attributes (VSAs). (
The VSA changes the authenticator switch port mode from access to trunk and enables 802.1x trunk
encapsulation and the access VLAN if any would be converted to a native trunk VLAN. VSA does
not change any of the port configurations on the supplicant
To change the host mode and the apply a standard port configuration on the authenticator switch
port, you can also use Auto Smartports user-defined macros, instead of the switch VSA. This allows
you to remove unsupported configurations on the authenticator switch port and to change the port
mode from access to trunk. For Auto Smartports macros, Auto Smartports Macros Configuration
Guide and Release Notes for Auto Smartports Macros.
10-60.
10-39.
Chapter 10
2
3
5
2
Supplicant switch (outside wiring closet)
4
Access control server (ACS)
device-traffic-class=switch).
"Configuring an Authenticator and a Supplicant Switch with NEAT"
Configuring IEEE 802.1x Port-Based Authentication
4
"Configuring Voice Aware 802.1x
OL-9775-08