Support User Manuals

Cisco Systems 2950 Network Router User Manual

Open as PDF

of 710

10-18

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide

78-11380-10

Chapter 10 Configuring 802.1x Port-Based Authentication

Configuring 802.1x Authentication

Configuring a Guest VLAN

For switches running the EI, when you configure a guest VLAN, clients that are not 802.1x-capable are

put into the guest VLAN when the server does not receive a response to its EAPOL request/identity

frame. Clients that are 802.1x-capable but fail authentication are not granted access to the network. The

switch supports guest VLANs in single-host or multiple-hosts mode.

Beginning in privileged EXEC mode, follow these steps to configure a guest VLAN. This procedure is

optional.

To disable and remove the guest VLAN, use the no dot1x guest-vlan interface configuration command.

The port returns to the unauthorized state.

This example shows how to enable VLAN 9 as an 802.1x guest VLAN on a port:

Switch(config)# interface fastethernet0/1

Switch(config-if)# dot1x guest-vlan 9

This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that

the switch waits for a response to an EAP-request/identity frame from the client before resending the

request, and to enable VLAN 2 as an 802.1x guest VLAN when an 802.1x port is connected to a DHCP

client:

Switch(config-if)# dot1x timeout quiet-period 3

Switch(config-if)# dot1x timeout tx-period 15

Switch(config-if)# dot1x guest-vlan 2

Resetting the 802.1x Configuration to the Default Values

Beginning in privileged EXEC mode, follow these steps to reset the 802.1x configuration to the default

values.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Specify the interface to be configured, and enter interface configuration

mode. For the supported interface types, see the “802.1x Configuration

Guidelines” section on page 10-10.

Step 3

dot1x guest-vlan vlan-id Specify an active VLAN as an 802.1x guest VLAN. The range is 1 to

4094.

Any VLAN can be configured as an 802.1x guest VLAN except RSPAN

VLANs or voice VLANs.

Step 4

end Return to privileged EXEC mode.

Step 5

show dot1x interface interface-id Verify your entries.

Step 6

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Specify the interface to be configured, and enter interface configuration

mode.

previous next