160
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Identity Features on Layer 3 Interface
Controlling Port Authorization State
DETAILED STEPS
Verifying the Controlling Port Authorization State
Use the show authentication sessions and show dot1x commands to verify the Controlling Port
Authorization state:
c1921#show authentication sessions
Interface MAC Address Method Domain Status Session ID
Gi0/1 (unknown) dot1x DATA Authz Success 030303030000000A002CFCBC
c1921#show authentication sessions interface gi0/1
Interface: GigabitEthernet0/1
MAC Address: Unknown
IP Address: Unknown
Command or Action Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode. Enter your
password if prompted.
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
interface gigabitethernet slot/port
Example:
Router(config)# interface gigabitethernet
0/0
Enters interface configuration mode.
Step 4
authentication port-control {auto |
force-authorized | force-unauthorized}
Example:
Router(config-if)# authentication
port-control {auto | force-authorized |
force-unauthorized}
Enables the manual control of the port
authorization state.
auto-Allows only EAPol traffic until successful
authentication.
force-authorized-Allows all traffic, requires no
authentication.
force-unauthorized-Allows no traffic.
Step 5
mab
Example:
Router(config-if)# mab
Enables MAC-based authentication on a port.
Step 6
end
Example:
Router(config-if)# end
Router#
Returns to privileged EXEC mode.
To Next Page
Loading...
