Support User Manuals

Cisco Systems 3750E Webcam User Manual

Open as PDF

of 1236

10-43

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

OL-9775-02

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

This example shows how to configure IEEE 802.1x authentication with web authentication as a fallback

method.

Switch(config) configure terminal

Switch(config)# ip admission name rule1 proxy http

Switch(config)# fallback profile fallback1

Switch(config-fallback-profile)# ip access-group default-policy in

Switch(config-fallback-profile)# ip admission rule1

Switch(config-fallback-profile)# exit

Switch(config)# interface gigabit1/0/1

Switch(config-if)# switchport mode access

Switch(config-if)# dot1x port-control auto

Switch(config-if)# dot1x fallback fallback1

Switch(config-if)# end

For more information about the ip admission name and dot1x fallback commands, see the command

reference for this release.

Disabling IEEE 802.1x Authentication on the Port

You can disable IEEE 802.1x authentication on the port by using the no dot1x pae interface

configuration command.

Beginning in privileged EXEC mode, follow these steps to disable IEEE 802.1x authentication on the

port. This procedure is optional.

To configure the port as an IEEE 802.1x port access entity (PAE) authenticator, which enables

IEEE 802.1x on the port but does not allow clients connected to the port to be authorized, use the dot1x

pae authenticator interface configuration command.

Step 10

dot1x fallback fallback-profile Configure the port to authenticate a client by using web

authentication when no IEEE 802.1x supplicant is detected on the

port. Any change to the fallback-profile global configuration takes

effect the next time IEEE 802.1x fallback is invoked on the interface.

Note Web authorization cannot be used as a fallback method for

IEEE 802.1x if the port is configured for multidomain

authentication.

Step 11

exit Return to privileged EXEC mode.

Step 12

show dot1x interface interface-id Verify your configuration.

Step 13

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Specify the port to be configured, and enter interface configuration mode.

Step 3

no dot1x pae Disable IEEE 802.1x authentication on the port.

Step 4

end Return to privileged EXEC mode.

Step 5

show dot1x interface interface-id Verify your entries.

Step 6

copy running-config startup-config (Optional) Save your entries in the configuration file.

previous next