Installation guide

ManualsBrandsCisco ManualsComputer equipmentHWIC

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards

How to Configure EtherSwitch HWICs

Cisco IOS Release 12.3(8)T4

OL-6454-01

802.1x Configuration Guidelines

These are the 802.1x authentication configuration guidelines:

• When the 802.1x protocol is enabled, ports are authenticated before any other Layer 2 feature is

enabled.

• The 802.1x protocol is supported on Layer 2 static-access ports, but it is not supported on these port

types:

–

Trunk port—If you try to enable 802.1x on a trunk port, an error message appears, and 802.1x

is not enabled. If you try to change the mode of an 802.1x-enabled port to trunk, the port mode

is not changed.

–

Switch Port Analyzer (SPAN) destination port—You can enable 802.1x on a port that is a SPAN

destination port; however, 802.1x is disabled until the port is removed as a SPAN destination.

You can enable 802.1x on a SPAN source port.

Enabling 802.1x Authentication

To enable 802.1x port-based authentication, you must enable AAA and specify the authentication

method list. A method list describes the sequence and authentication methods to be queried to

authenticate a user.

The software uses the first method listed to authenticate users; if that method fails to respond, the

software selects the next authentication method in the method list. This process continues until there is

successful communication with a listed authentication method or until all defined methods are

exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other

authentication methods are attempted.

Beginning in privileged EXEC mode, follow these steps to configure 802.1x port-based authentication.

This procedure is required.

SUMMARY STEPS

1. configure terminal

2. configure terminal

3. aaa authentication dot1x {default |

listname

}

method1

[

method2

...]

4. interface

interface-id

5. dot1x port-control auto

6. end

Client timeout period 30 seconds (when relaying a request from the

authentication server to the client, the amount of time the

switch waits for a response before retransmitting the

request to the client). This setting is not configurable.

Authentication server timeout period 30 seconds (when relaying a response from the client to

the authentication server, the amount of time the switch

waits for a reply before retransmitting the response to the

server). This setting is not configurable.

Table 1 Default 802.1x Conﬁguration (continued)

Feature Default Setting