Allied Telesis AT-9000/28POE Switch User Manual


Chapter 60: 802.1x Port-based Network Access Control
882
Configuring Authenticator Ports
Designating Authenticator Ports
You have to designate ports as authenticator ports before you can
configure their settings. There are three DOT1X PORT-CONTROL
commands for designating authenticator ports. The command you use is
determined by whether or not the switch is part of an active network.

If the switch is not part of an active network or is not forwarding traffic, you
can use the DOT1X PORT-CONTROL AUTO command to designate the
authenticator ports. This command designates ports such that they
immediately begin to function as authenticator ports, blocking all traffic
until supplicants log on to the RADIUS server. This example of the
command configures ports 1 and 5 to immediately commence functioning
as authenticator ports.

awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1,port1.0.5
awplus(config-if)# dot1x port-control auto

Using the DOT1X PORT-CONTROL AUTO command when the switch is
part of a live network interrupts network operations because the
designated ports stop forwarding traffic until the clients log on. If your
switch is part of an active network, the DOT1X PORT-CONTROL FORCE-
AUTHORIZED command would probably be more appropriate because
the authenticator ports continue forwarding packets without any
authentication. This example of the command designates port 16 as an
authenticator port that is to continue to forward packets:

awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.16
awplus(config-if)# dot1x port-control force-authorized
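
The following Python script is an added example, not part of the Allied Telesis manual. It reads the two command sequences shown above as one session log and lists the ports whose last DOT1X PORT-CONTROL setting is FORCE-AUTHORIZED, that is, the ports still forwarding packets without any authentication. The function names and the treatment of "!" as a stanza separator in saved configuration text are assumptions.

```python
import re

# The two command sequences from this page, joined into one session log.
SESSION = """\
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1,port1.0.5
awplus(config-if)# dot1x port-control auto
awplus(config)# interface port1.0.16
awplus(config-if)# dot1x port-control force-authorized
"""

PROMPT = re.compile(r"^\S+[>#]\s*")  # strips e.g. "awplus(config-if)# "
INTERFACE = re.compile(r"^interface\s+(\S+)$", re.IGNORECASE)
PORT_CONTROL = re.compile(r"^dot1x\s+port-control\s+(\S+)$", re.IGNORECASE)


def port_control_modes(text):
    """Return {port: mode}; mode is the last port-control mode entered for that port."""
    modes, selected = {}, []
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line == "!":  # assumption: "!" ends an interface stanza in saved config text
            selected = []
            continue
        match = INTERFACE.match(line)
        if match:
            # Comma-separated port lists only, as in the examples on this page.
            selected = [p for p in match.group(1).split(",") if p]
            continue
        match = PORT_CONTROL.match(line)
        if match:
            for port in selected:
                modes[port] = match.group(1).lower()  # a later command overrides an earlier one
    return modes


def unauthenticated_ports(text):
    """Ports designated as authenticators that still forward without authentication."""
    return [p for p, mode in port_control_modes(text).items() if mode == "force-authorized"]


if __name__ == "__main__":
    for port in unauthenticated_ports(SESSION):
        print(f"{port}: force-authorized, forwarding without authentication")
```
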
Designating the Authentication Methods
After designating a port as an authenticator port, you have to designate its
authentication method. The authentication method of a port can be either
an 802.1x username and password combination or a MAC address. The
methods are explained in “Authentication Methods for Authenticator Ports”
on page 867.

You do not have to enter any command to set a port to 802.1x username
and password authentication because that is the default setting. But to
configure a port to the MAC address authentication method, you use the
AUTH-MAC ENABLE command. This example configures port 16 as an
authenticator port that uses the MAC address authentication method: