802.1x clarification...

jimmysands73_2
Level 5

For ports would this be correctly paraphrased?

Force-unauthorized - Port is effectively shut down to all traffic.  Switch cannot provide authentication to the client, effectively disabling this port.

Force-authorized - No authentication necessary, port would work when cable connected (granted other port config is correct).

Auto - Enables 802.1x, allows EAPOL frames to be sent/recv'd on this port.  If authentication succeeds, changes to authorized state and traffic passes.  If authentication fails, attempt to re-authenticate can be tried.

Accepted Solutions

Julio Carvajal
VIP Alumni

Hello Jimmy,

1- Force-unauthorized: Port cannot be used as it's unauthorized. It will ignore all traffic (even 802.1x traffic).

2- Force-authorized: 802.1x is not enabled on the interface; all traffic is allowed on the interface. It's the default state.

3- Auto: 802.1x is enabled on the interface. It will allow EAPOL, CDP and STP traffic before it authenticates successfully; afterwards all traffic will be allowed.

Please rate all the helpful posts

Julio

Cisco Engineer

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


3 Replies

Hi Guys,

Could someone please provide scenarios for the different use cases; it is obvious when to use the auto option. But when would you use Force-unauthorized or Force-authorized?

Thanks,

Allen

Hello Allen:

Force-Unauthorized: Over a port that is not being used.

Force-Authorized: Over a port where the client does not support 802.1x and you want to grant permission to him.

Any other questions? Sure. Just remember to rate all of my answers.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
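
An added example, not part of the thread: a small audit that reads IOS-style interface stanzas and lists enabled ports that pass traffic without 802.1x, treating a missing port-control line as force-authorized, the default named in the accepted answer. The sample config is constructed, the function names are hypothetical, and it assumes the mode is set with `dot1x port-control` or `authentication port-control`.

```python
import re
# Constructed sample running-config excerpt (interfaces are illustrative).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 dot1x port-control auto
!
interface GigabitEthernet0/2
 description legacy printer, no supplicant
 dot1x port-control force-authorized
!
interface GigabitEthernet0/3
 description unused wall jack
 authentication port-control force-unauthorized
!
interface GigabitEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/5
 shutdown
!
"""

PORT_CONTROL = re.compile(r"^\s+(?:dot1x|authentication) port-control "
                          r"(auto|force-authorized|force-unauthorized)\s*$")

def port_modes(config):
    """Return {interface: (mode, admin_up)} for every interface stanza."""
    modes, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            modes[current] = ("force-authorized", True)  # default if unset
        elif current and not line.startswith(" "):
            current = None  # "!" or any top-level line ends the stanza
        elif current:
            mode, up = modes[current]
            match = PORT_CONTROL.match(line)
            if match:
                mode = match.group(1)
            elif line.strip() == "shutdown":
                up = False
            modes[current] = (mode, up)
    return modes

def unauthenticated_ports(config):
    """Enabled ports that pass all traffic without 802.1x authentication."""
    return sorted(name for name, (mode, up) in port_modes(config).items()
                  if up and mode == "force-authorized")

if __name__ == "__main__":
    print(unauthenticated_ports(SAMPLE_CONFIG))
```

Ports it reports are either deliberate exceptions, such as a client with no 802.1x support, or ports left at the default that should be reviewed.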