10-36
Catalyst 3750 Switch Software Configuration Guide
OL-8550-02
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
To disable and remove the restricted VLAN, use the no dot1x auth-fail vlan interface configuration
command. The port returns to the unauthorized state.
This example shows how to enable VLAN 2 as an IEEE 802.1x restricted VLAN:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# dot1x auth-fail vlan 2
You can configure the maximum number of authentication attempts allowed before a user is assigned to
the restricted VLAN by using the dot1x auth-fail max-attempts interface configuration command. The
range of allowable authentication attempts is 1 to 3. The default is 3 attempts.
Beginning in privileged EXEC mode, follow these steps to configure the maximum number of allowed
authentication attempts. This procedure is optional.
To return to the default value, use the no dot1x auth-fail max-attempts interface configuration
command.
Step 5
dot1x auth-fail vlan vlan-id Specify an active VLAN as an IEEE 802.1x restricted VLAN. The range
is 1 to 4094.
You can configure any active VLAN except an internal VLAN (routed
port), an RSPAN VLAN, a primary private VLAN, or a voice VLAN as
an IEEE 802.1x restricted VLAN.
Step 6
end Return to privileged EXEC mode.
Step 7
show dot1x interface interface-id (Optional) Verify your entries.
Step 8
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the “IEEE 802.1x Authentication
Configuration Guidelines” section on page 10-23.
Step 3
switchport mode access
or
switchport mode private-vlan host
Set the port to access mode,
or
Configure the Layer 2 port as a private-VLAN host port.
Step 4
dot1x port-control auto Enable IEEE 802.1x authentication on the port.
Step 5
dot1x auth-fail vlan vlan-id Specify an active VLAN as an IEEE 802.1x restricted VLAN. The range
is 1 to 4094.
You can configure any active VLAN except an internal VLAN (routed
port), an RSPAN VLAN, a primary private VLAN, or a voice VLAN as
an IEEE 802.1x restricted VLAN.
Step 6
dot1x auth-fail max-attempts max
attempts
Specify a number of authentication attempts to allow before a port moves
to the restricted VLAN. The range is 1 to 3, and the default is 3.
Step 7
end Return to privileged EXEC mode.
Step 8
show dot1x interface interface-id (Optional) Verify your entries.
Step 9
copy running-config startup-config (Optional) Save your entries in the configuration file.
To Next Page
Loading...
Need help?
General
