EasyManua.ls Logo

Cisco 3032 - Configuring NAC Layer 2 802.1 X Validation

Cisco 3032
1354 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
9-57
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To disable MAC authentication bypass, use the no dot1x mac-auth-bypass interface configuration
command.
This example shows how to enable MAC authentication bypass:
Switch(config-if)# dot1x mac-auth-bypass
Configuring NAC Layer 2 802.1x Validation
You can configure NAC Layer 2 802.1x validation, which is also referred to as 802.1x authentication
with a RADIUS server.
Beginning in privileged EXEC mode, follow these steps to configure NAC Layer 2 802.1x validation.
The procedure is optional.
Step 4
dot1x mac-auth-bypass [eap] Enable MAC authentication bypass.
(Optional) Use the eap keyword to configure the switch to use EAP for
authorization.
Step 5
end Return to privileged EXEC mode.
Step 6
show authentication interface-id
or
show dot1x interface interface-id
Verify your entries.
Step 7
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port to be configured, and enter interface configuration mode.
Step 3
dot1x guest-vlan vlan-id Specify an active VLAN as an 802.1x guest VLAN. The range is 1 to
4094.
You can configure any active VLAN except an internal VLAN (routed
port), an RSPAN VLAN, or a voice VLAN as an 802.1x guest VLAN.
Step 4
authentication periodic
or
dot1x reauthentication
Enable periodic re-authentication of the client, which is disabled by
default.
Step 5
dot1x timeout reauth-period {seconds |
server}
Set the number of seconds between re-authentication attempts.
The keywords have these meanings:
seconds—Sets the number of seconds from 1 to 65535; the default is
3600 seconds.
server—Sets the number of seconds based on the value of the
Session-Timeout RADIUS attribute (Attribute[27]) and the
Termination-Action RADIUS attribute (Attribute [29]).
This command affects the behavior of the switch only if periodic
re-authentication is enabled.

Table of Contents

Related product manuals