Cisco Sg3008 Manual

Page 421

Security: 802.1X Authentication
Authenticator Overview
384 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
19
•force-unauthorized
Port authentication is disabled and the port transmits all traffic via the guest 
VLAN and unauthenticated VLANs. For more information see Defining Host 
and Session Authentication. The switch sends 802.1x EAP packets with 
EAP failure messages inside when it receives 802.1x EAPOL-Start 
messages.
•auto
Enables 802.1x...

Page 422

When a port is unauthorized and a guest VLAN is enabled, untagged traffic 
is remapped to the guest VLAN. Tagged traffic is dropped unless it belongs 
to the guest VLAN or to an unauthenticated VLAN. If guest VLAN is not 
enabled on a port, only tagged traffic belonging to unauthenticated VLANs 
is bridged.
When a port is authorized, untagged...

Page 423

The Sx300 in Layer 3 router mode supports the multi-sessions mode 
without guest VLAN and RADIUS-VLAN assignment:
Multiple Authentication Methods
If more than one authentication method is enabled on the switch, the following 
hierarchy of authentication methods is applied: 
•802.1x Authentication: Highest
•WEB-Based Authentication
•MAC-Based...

Page 424

This is described in the following:
Figure 1 802.1x-Based Authentication
MAC-Based Authentication
MAC-based authentication is an alternative to 802.1X authentication that allows 
network access to devices (such as printers and IP phones) that do not have the 
802.1X supplicant capability. MAC-based authentication uses the MAC address of 
the...

Page 425

WEB-Based Authentication
WEB-based authentication is used to authenticate end users who request access 
to a network through a switch. It enables clients directly connected to the switch to 
be authenticated using a captive-portal mechanism before the client is given 
access to the network. Web-based authentication is client-based...

Page 426

After authentication is completed, the switch forwards all traffic arriving from the 
client on the port, as shown in the figure below.
Figure 3 WEB-Based Authentication
Web-based authentication cannot be configured on a port that has the guest 
VLAN or RADIUS-Assigned VLAN feature enabled.
Web-based authentication supports the following...

Page 427

NOTE
•When web-based authentication is not supported, guest VLAN and DVA 
cannot be configured in multi-session mode.
•When web-based authentication is supported, guest VLAN and DVA can be 
configured in multi-session mode.
Unauthenticated VLANs and the Guest VLAN
Unauthenticated VLANs and the guest VLAN provide access to services that do 
not...

Page 428

Host Modes with Guest VLAN
The host modes work with guest VLAN in the following way:
•Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the guest VLAN arriving on 
an unauthorized port are bridged via the guest VLAN. All other traffic is 
discarded. The traffic belonging to an unauthenticated VLAN is bridged via...

Page 429

For a device to be authenticated and authorized at a port which is DVA-enabled:
•The RADIUS server must authenticate the device and dynamically assign a 
VLAN to the device. You can set the RADIUS VLAN Assignment field to 
static in the Port Authentication page. This enables the host to be bridged 
according to static configuration.
•A RADIUS...

Page 430

Violation Mode
In single-host mode, you can configure the action to be taken when an 
unauthorized host on an authorized port attempts to access the interface. This is 
done in the Host and Session Authentication page.
The following options are available:
•restrict—Generates a trap when a station, whose MAC address is not the 
supplicant MAC...