Specifications
Configuring Authentication
April 15, 2011 Page 16 of 36
Configuring IEEE 802.1x
Configuring IEEE 802.1x on an authenticator switch port consists of:
• Setting the authentication mode globally and per port
• Configuring optional authentication port parameters globally and per port
• Globally enabling 802.1x authentication for the switch
Procedure 1 describes how to configure IEEE 802.1x on an authenticator switch port. Unspecified
parameters use their default values.
Procedure 1 IEEE 802.1x Configuration

1. Set the IEEE 802.1x authentication mode both globally and per port:
   • Auto - The switch will only forward authenticated frames.
   • Forced-auth - 802.1x authentication is effectively disabled for this port. All received
     frames are forwarded.
   • Forced-unauth - 802.1x authentication is effectively disabled on the port. If 802.1x is
     the only authentication method on the port, all frames are dropped.
   Note: Before enabling 802.1x authentication on the switch, you must set the authentication
   mode of ports that will not be participating in 802.1x authentication to forced-authorized to
   ensure that frames will be forwarded on these ports. Examples of this kind of port are
   connections between switches and connections between a switch and a router.
   Setting dot1x options other than authcontrolled-portcontrol is optional.
   Command(s):
     set dot1x auth-config {[authcontrolled-portcontrol {auto | forced-auth | forced-unauth}]
       [keytxenabled {false | true}] [maxreq value] [quietperiod value]
       [reauthenabled {false | true}] [reauthperiod value] [servertimeout timeout]
       [supptimeout timeout] [txperiod value]} [port-string]

2. Display the access entity index values. Ports used to authenticate and authorize supplicants
   utilize access entities that maintain entity state, counters, and statistics for an individual
   supplicant. You need to know the index value associated with a single entity to enable,
   disable, initialize, or reauthenticate a single entity.
   Command(s):
     show dot1x auth-session-stats

3. Enable EAP on the stackable fixed switch or standalone fixed switch. EAP is enabled on the
   modular switch when enabling IEEE 802.1x. See Step 4.
   Command(s):
     set eapol [enable | disable] [auth-mode {auto | forced-auth | forced-unauth} port-string]

4. Enable IEEE 802.1x globally on the switch. Ports default to enabled.
   Command(s):
     set dot1x {enable | disable}
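
The ordering rule in the Note to Step 1 can be checked before a change window. The following is an added example, not part of the vendor guide: a small Python check that reads a planned command sequence and reports infrastructure ports that have not been set to forced-auth by the time `set dot1x enable` is entered. The port-string values (ge.1.x), the range syntax, and the treatment of a command without a port-string as applying to all ports are assumptions made for the example.

```python
# Constructed plans: CLI lines in the order an operator intends to enter them.
# Port-strings such as ge.1.48 are assumed sample values, not from the page.
BAD_PLAN = """\
set dot1x auth-config authcontrolled-portcontrol auto ge.1.1-4
set dot1x enable
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.47-48
"""
GOOD_PLAN = """\
set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.47-48
set dot1x auth-config authcontrolled-portcontrol auto reauthenabled true ge.1.1-4
set dot1x enable
"""


def expand(port_string):
    """Expand 'ge.1.47-48' into single ports (assumed port-string syntax)."""
    head, _, last = port_string.rpartition(".")
    low, _, high = last.partition("-")
    return {f"{head}.{n}" for n in range(int(low), int(high or low) + 1)}


def not_forced_auth_at_enable(plan, infrastructure_ports):
    """Return infrastructure ports not set to forced-auth when 802.1x is enabled."""
    per_port = {}      # port -> mode most recently set with a port-string
    all_ports = None   # mode most recently set without a port-string
    for line in plan.splitlines():
        tokens = line.split()
        if tokens[:3] == ["set", "dot1x", "auth-config"]:
            if "authcontrolled-portcontrol" not in tokens[3:-1]:
                continue  # only optional parameters on this line
            mode = tokens[tokens.index("authcontrolled-portcontrol") + 1]
            if "." in tokens[-1]:          # last token is a port-string
                per_port.update((p, mode) for p in expand(tokens[-1]))
            else:                          # assumed: applies to every port
                all_ports, per_port = mode, {}
        elif tokens == ["set", "dot1x", "enable"]:
            # Evaluate state at the moment of global enable; later lines are too late.
            return sorted(p for p in infrastructure_ports
                          if per_port.get(p, all_ports) != "forced-auth")
    return []  # the plan never enables 802.1x globally


if __name__ == "__main__":
    uplinks = {"ge.1.47", "ge.1.48"}  # assumed switch-to-switch / router ports
    print("bad plan :", not_forced_auth_at_enable(BAD_PLAN, uplinks))
    print("good plan:", not_forced_auth_at_enable(GOOD_PLAN, uplinks))
```
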