Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0 XO(15.1(1)XO)
OL_28738-01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication host-mode
web-based authentication. Furthermore, if you use dACLs for data devices and not for voice devices,
when the user’s data falls back to webauth, voice traffic is affected by the ACL that is applied based on
the fallback policy. Therefore if webauth is configured as a fallback on an MDA enabled port, dACL is
the only supported enforcement method.
Multi-auth mode classifies the session as MAC-based. No limit exists for the number of clients allowed
on a port data domain. Only one client is allowed in a voice domain and each one is required to
authenticate separately. Any policies that are downloaded for the client are applied for that client’s MAC
or IP only and do not affect others on the same port.
The optional pre-authentication open access mode allows you to gain network access before
authentication is performed. This is primarily required for the PXE boot scenario, but not limited to just
that use case, where a device needs to access the network before PXE times out and downloads a
bootable image possibly containing a supplicant.
The configuration related to this feature is attached to the host-mode configuration whereby the
host-mode itself is significant for the control plane, while the open access configuration is significant
for the data plane. Open-access configuration has absolutely no bearing on the session classification.
The host-mode configuration still controls this. If the open-access is defined for single-host mode, the
port still allows only one MAC address. The port forwards traffic from the start and is only restricted by
what is configured on the port. Such configurations are independent of 802.1X. So, if there is no form
of access-restriction configured on the port, the client devices have full access on the configured VLAN.
You can verify your settings with the show authentication privileged EXEC command.
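The open-access caveat above (a port with no access restriction gives clients full access on the configured VLAN) can be checked offline against a saved running-config. The following is an added example, not part of the Cisco reference; it assumes open access is enabled with the interface command `authentication open` and that the port restriction is an inbound `ip access-group`, neither of which is shown on this page, and the sample configuration is constructed.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 authentication host-mode single-host
 authentication open
 authentication port-control auto
!
interface GigabitEthernet1/2
 authentication host-mode multi-auth
 authentication open
 ip access-group PRE-AUTH in
 authentication port-control auto
!
interface GigabitEthernet1/3
 authentication host-mode multi-domain
 authentication port-control auto
!
"""

def interface_blocks(config):
    """Yield (interface name, list of stripped sub-commands) per interface."""
    name, lines = None, []
    for raw in config.splitlines():
        if raw.startswith("interface "):
            if name:
                yield name, lines
            name, lines = raw.split(None, 1)[1], []
        elif name and raw.startswith(" "):
            lines.append(raw.strip())
        elif name:  # "!" or any other top-level line closes the block
            yield name, lines
            name, lines = None, []
    if name:
        yield name, lines

def unrestricted_open_ports(config):
    """Return [(interface, host-mode)] for open-access ports with no inbound ACL."""
    findings = []
    for name, lines in interface_blocks(config):
        open_access = "authentication open" in lines
        has_acl = any(re.fullmatch(r"ip access-group \S+ in", l) for l in lines)
        mode = next((l.split()[-1] for l in lines
                     if l.startswith("authentication host-mode ")), "(not set)")
        if open_access and not has_acl:
            findings.append((name, mode))
    return findings

if __name__ == "__main__":
    print(unrestricted_open_ports(SAMPLE_CONFIG))
```

The host-mode is reported alongside each finding because it still determines how many MAC addresses the open port admits.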
Examples
This example shows how to define the classification of a session that is used to apply the
access-policies using the host-mode configuration:
Switch(config-if)# authentication host-mode single-host
Switch(config-if)#
Related Commands
Command                Description
show authentication    Displays Authentication Manager information.