10-39
Catalyst 3750 Switch Software Configuration Guide
OL-8550-02
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no
radius-server deadtime, and the no radius-server host global configuration commands. To return to
the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery
delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x
critical interface configuration command.
This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 key abc1234 test
username user1 idle-time 30
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet 1/0/1
Switch(config)# radius-server deadtime 60
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical recovery action reinitialize
Switch(config-if)# dot1x critical vlan 20
Switch(config-if)# end
Configuring IEEE 802.1x Authentication with WoL
Beginning in privileged EXEC mode, follow these steps to enable IEEE 802.1x authentication with
WoL. This procedure is optional.
Step 7
dot1x critical [recovery action
reinitialize | vlan vlan-id]
Enable the inaccessible authentication bypass feature, and use these
keywords to configure the feature:
• recovery action reinitialize—Enable the recovery feature, and
specify that the recovery action is to authenticate the port when an
authentication server is available.
• vlan vlan-id—Specify the access VLAN to which the switch can
assign a critical port. The range is from 1 to 4094.
Step 8
end Return to privileged EXEC mode.
Step 9
show dot1x [interface interface-id] (Optional) Verify your entries.
Step 10
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the “IEEE 802.1x Authentication
Configuration Guidelines” section on page 10-23.
Step 3
dot1x control-direction {both | in} Enable IEEE 802.1x authentication with WoL on the port, and use these
keywords to configure the port as bidirectional or unidirectional.
• both—Sets the port as bidirectional. The port cannot receive packets
from or send packets to the host. By default, the port is bidirectional.
• in—Sets the port as unidirectional. The port can send packets to the
host but cannot receive packets from the host.
To Next Page
Loading...
Need help?
General
