Support User Manuals

Cisco Systems 2955 Switch User Manual

Open as PDF

of 674

9-16

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide

OL-10101-02

Chapter 9 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

Step 6 The switch sends an interim accounting update to the accounting server that is based on the result of

re-authentication.

Step 7 The user disconnects from the port.

Step 8 The switch sends a stop message to the accounting server.

Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1x port-based

authentication. This procedure is required.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

aaa new-model Enable AAA.

Step 3

aaa authentication dot1x {default}

method1

Create an IEEE 802.1x authentication method list.

To create a default list that is used when a named list is not specified in

the authentication command, use the default keyword followed by the

method that is to be used in default situations. The default method list is

automatically applied to all ports.

For method1, enter the group radius keyword to use the list of all

RADIUS servers for authentication.

Note Though other keywords are visible in the command-line help

string, only the default and group radius keywords are

supported.

Step 4

dot1x system-auth-control Enable IEEE 802.1x authentication globally on the switch.

Step 5

aaa authorization network {default}

group radius

(Optional) Configure the switch for user RADIUS authorization for all

network-related service requests, such as VLAN assignment.

Step 6

radius-server host ip-address (Optional) Specify the IP address of the RADIUS server.

Step 7

radius-server key string (Optional) Specify the authentication and encryption key used between

the switch and the RADIUS daemon running on the RADIUS server.

Step 8

interface interface-id Specify the port connected to the client that is to be enabled for

IEEE

802.1x authentication, and enter interface configuration mode.

Step 9

swtichport mode access (Optional) Set the port to access mode only if you configured the RADIUS

server in Step 6 and Step 7.

Step 10

dot1x port-control auto Enable IEEE 802.1x authentication on the interface.

For feature interaction information, see the “IEEE 802.1x Authentication

Configuration Guidelines” section on page 9-13.

Step 11

end Return to privileged EXEC mode.

Step 12

show dot1x Verify your entries.

Check the Status column in the IEEE 802.1x Port Summary section of the

display. An enabled status means the port-control value is set to either

auto or to force-unauthorized.

Step 13

copy running-config startup-config (Optional) Save your entries in the configuration file.

previous next