Cisco Systems 4500 Switch User Manual


Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 40 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
This example shows how to enable 802.1X fallback to MAB, and then to enable web-based
authentication, on an 802.1X-enabled port:
Switch(config)# ip admission name rule1 proxy http
Switch(config)# fallback profile fallback1
Switch(config-fallback-profile)# ip access-group default-policy in
Switch(config-fallback-profile)# ip admission rule1
Switch(config-fallback-profile)# exit
Switch(config)# interface gigabit5/9
Switch(config-if)# switchport mode access
Switch(config-if)# authentication port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication order dot1x mab webauth
Switch(config-if)# mab eap
Switch(config-if)# authentication fallback fallback1
Switch(config-if)# exit
Switch(config)# ip device tracking
Switch(config)# exit
To determine if a host was authenticated using 802.1X when fallback authentication is configured on the
port, enter the following commands:
Switch# show authentication sessions interface g7/2
Interface: GigabitEthernet7/2
MAC Address: 0060.b057.4687
IP Address: Unknown
User-Name: test2
Status: Authz Success
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: C0A8013F0000000901BAB560
Acct Session ID: 0x0000000B
Handle: 0xE8000009
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
Switch# show dot1x interfaces g7/2 detail
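The check described above, as an added example that is not part of the Cisco guide: it parses `show authentication sessions interface` output and reports which method authorized the host, so sessions that were admitted through MAB or web-based fallback can be told apart from 802.1X ones. The function names and the second sample session (its interface, MAC address and "Failed over" state) are constructed for illustration.

```python
import re

# Session output from the page's g7/2 example (802.1X succeeded, MAB not run).
DOT1X_SESSION = """\
Interface: GigabitEthernet7/2
MAC Address: 0060.b057.4687
Status: Authz Success
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
"""
# Constructed sample (not from the page): 802.1X failed over, MAB authorized the host.
FALLBACK_SESSION = """\
Interface: GigabitEthernet5/9
MAC Address: 0000.5e00.5301
Status: Authz Success
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
"""
METHOD_LINE = re.compile(r"^\s*(dot1x|mab|webauth)\s+(.+?)\s*$")

def parse_session(text):
    """Split one session block into 'Key: value' fields and per-method states."""
    fields, methods, in_methods = {}, {}, False
    for line in text.splitlines():
        if line.strip().startswith("Runnable methods list"):
            in_methods = True
        elif in_methods:
            m = METHOD_LINE.match(line)
            if m:
                methods[m.group(1)] = m.group(2)
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields, methods

def winning_method(text):
    """Return the method that authenticated the host, or None if unauthorized."""
    fields, methods = parse_session(text)
    if fields.get("Status") != "Authz Success":
        return None
    return next((m for m, s in methods.items() if s == "Authc Success"), None)

def used_fallback(text):
    """True when the port is authorized, but not by 802.1X."""
    return winning_method(text) not in (None, "dot1x")
```

Run over collected session output, `used_fallback` gives a quick inventory of ports where hosts are admitted by MAC address or web login rather than by 802.1X credentials.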
Step 15
  Command: Switch(config-if)# authentication timer restart seconds
  Purpose: (Optional) Specifies a period after which the authentication process restarts in an attempt to authenticate an unauthorized port.
           seconds—Specifies the restart period. The range is from 1 to 65535 seconds.
Step 16
  Command: Switch(config-if)# exit
  Purpose: Returns to global configuration mode.
Step 17
  Command: Switch(config)# ip device tracking
  Purpose: Enables the IP device tracking table, which is required for web-based authentication.
Step 18
  Command: Switch(config)# exit
  Purpose: Returns to privileged EXEC mode.
Step 19
  Command: Switch# show dot1x interface type slot/port
  Purpose: Verifies your entries.