Cisco Systems IE 2000 Switch User Manual

Open as PDF

of 924

13-42

Cisco IE 2000 Switch Software Configuration Guide

OL-25866-01

Chapter 13 Configuring IEEE 802.1x Port-Based Authentication

How to Configure IEEE 802.1x Port-Based Authentication

Configuring 802.1x Accounting

Before You Begin

AAA must be enabled on your switch.

Configuring a Guest VLAN

When you configure a guest VLAN, clients that are not 802.1x-capable are put into the guest VLAN

when the server does not receive a response to its EAP request/identity frame. Clients that

are

802.1x-capable but that fail authentication are not granted network access. The switch supports guest

VLANs in single-host or multiple-hosts mode.

Command Purpose

Step 1

configure terminal Enters global configuration mode.

Step 2

interface interface-id Specifies the port to be configured, and enter interface configuration

mode.

Step 3

aaa accounting dot1x default

start-stop group radius

Enables 802.1x accounting using the list of all RADIUS servers.

Step 4

aaa accounting system default

start-stop group radius

(Optional) Enables system accounting (using the list of all RADIUS

servers) and generates system accounting reload event messages when the

switch reloads.

Step 5

end Returns to privileged EXEc mode.

Step 6

show running-config Verifies your entries.

Step 7

copy running-config startup-config (Optional) Saves your entries in the configuration file.

Command Purpose

Step 1

configure terminal Enters global configuration mode.

Step 2

interface interface-id Specifies the port to be configured, and enters interface configuration

mode.

Step 3

switchport mode access

switchport mode private-vlan host

Sets the port to access mode

Configures the Layer 2 port as a private-VLAN host port.

Step 4

authentication port-control auto Enables 802.1x authentication on the port.

Step 5

authentication event no-response

action authorize vlan vlan-id

Specifies an active VLAN as an 802.1x guest VLAN. The range is

to 4096.

You can configure any active VLAN except an internal VLAN (routed

port), an RSPAN VLAN, a primary private VLAN, or a voice VLAN as

an 802.1x guest VLAN.

Step 6

end Returns to privileged EXEC mode.

Step 7

show authentication interface

interface-id

Verifies your entries.

Step 8

copy running-config startup-config (Optional) Saves your entries in the configuration file.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems IE 2000 Switch User Manual