Support User Manuals

Cisco Systems IE 2000 Switch User Manual

Open as PDF

of 924

13-35

Cisco IE 2000 Switch Software Configuration Guide

OL-25866-01

Chapter 13 Configuring IEEE 802.1x Port-Based Authentication

How to Configure IEEE 802.1x Port-Based Authentication

Beginning in privileged EXEC mode, follow these steps to configure 802.1x port-based authentication:

Command Purpose

Step 1

configure terminal Enters global configuration mode.

Step 2

aaa new-model Enables AAA.

Step 3

aaa authentication dot1x {default}

method1

Creates an 802.1x authentication method list.

To create a default list to use when a named list is not specified in the

authentication command, use the default keyword followed by the

method to use in default situations. The default method list is

automatically applied to all ports.

For method1, enter the group radius keywords to use the list of all

RADIUS servers for authentication.

Note Though other keywords are visible in the command-line help

string, only the group radius keywords are supported.

Step 4

dot1x system-auth-control Enables 802.1x authentication globally on the switch.

Step 5

aaa authorization network {default}

group radius

(Optional) Configures the switch to use user-RADIUS authorization for

all network-related service requests, such as per-user ACLs or VLAN

assignment.

For per-user ACLs, single-host mode must be configured. This setting is

the default.

Step 6

radius-server host ip-address (Optional) Specifies the IP address of the RADIUS server.

Step 7

radius-server key string (Optional) Specifies the authentication and encryption key used between

the switch and the RADIUS daemon running on the RADIUS server.

Step 8

interface interface-id Specifies the port connected to the client to enable for 802.1x

authentication, and enter interface configuration mode.

Step 9

switchport mode access (Optional) Sets the port to access mode only if you configured the

RADIUS server in Step 6 and Step 7.

Step 10

authentication port-control auto Enables 802.1x authentication on the port.

Step 11

dot1x pae authenticator Sets the interface Port Access Entity to act only as an authenticator and

ignore messages meant for a supplicant.

Step 12

end Returns to privileged EXEC mode.

Step 13

show authentication Verifies your entries.

Step 14

copy running-config startup-config (Optional) Saves your entries in the configuration file.

previous next