Specifications

ManualsBrandsCisco ManualsComputer equipment2955T 12 - Catalyst Switch

221

222

223

224

225

226

227

228

229

230

10-10

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide

78-11380-07

Chapter10 Configuring 802.1X Port-Based Authentication

Configuring 802.1X Authentication

Beginning in privileged EXEC mode, follow these steps to configure 802.1X port-based authentication.

This procedure is required.

To disable AAA, use the no aaa new-model global configuration command. To disable 802.1X AAA

authentication, use the no aaa authentication dot1x {default | list-name} method1 [method2...] global

configuration command. To disable 802.1X AAA authorization, use the no aaa authorization global

configuration command. To disable 802.1X authentication, use the dot1x port-control

force-authorized or the no dot1x port-control interface configuration command.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

aaa new-model Enable AAA.

Step 3

aaa authentication dot1x {default}

method1 [method2...]

Create an 802.1X authentication method list.

To create a default list that is used when a named list is not specified in

the authentication command, use the default keyword followed by the

methods that are to be used in default situations. The default method list

is automatically applied to all interfaces.

Enter at least one of these keywords:

• group radius—Use the list of all RADIUS servers for authentication.

• none—Use no authentication. The client is automatically

authenticated by the switch without using the information supplied by

the client.

Step 4

aaa authorization network {default}

group radius

(Optional) Configure the switch for user RADIUS authorization for all

network-related service requests, such as VLAN assignment.

Note

Step 5

interface interface-id Enter interface configuration mode, and specify the interface connected to

the client that is to be enabled for 802.1X authentication.

Step 6

dot1x port-control auto Enable 802.1X authentication on the interface.

For feature interaction information with trunk, dynamic, dynamic-access,

EtherChannel, secure, and SPAN ports, see the “802.1X Configuration

Guidelines” section on page 10-9.

Step 7

end Return to privileged EXEC mode.

Step 8

show dot1x Verify your entries.

Check the Status column in the 802.1X Port Summary section of the

display. An enabled status means the port-control value is set either to

auto or to force-unauthorized.

Step 9

copy running-config startup-config (Optional) Save your entries in the configuration file.