DETAILED STEPS
PurposeCommand or Action
Enters the global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 1
Enables AAA.aaa new-model
Example:
Switch(config)# aaa new-model
Step 2
Creates an 802.1x authentication method list.
aaa authentication dot1x {default} method1
Step 3
Example:
Switch(config)# aaa authentication dot1x
To create a default list that is used when a named list is not specified
in the authentication command, use the default keyword followed
by the method that is to be used in default situations. The default
method list is automatically applied to all ports.
default group radius
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Specifies the port connected to the client that is to be enabled for
IEEE 802.1x authentication, and enter interface configuration mode.
interface interface-id
Example:
Switch(config)# interface
Step 4
gigabitethernet1/0/4
Sets the port to access mode.switchport mode access
Example:
Switch(config-if)# switchport mode access
Step 5
Configures the violation mode. The keywords have these meanings:authentication violation {shutdown | restrict |
protect | replace}
Step 6
• shutdown–Error disable the port.
Example:
Switch(config-if)# authentication
• restrict–Generate a syslog error.
• protect–Drop packets from any new device that sends traffic
to the port.
violation restrict
• replace–Removes the current session and authenticates with
the new host.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29048-01 305
Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Violation Modes
To Next Page
Loading...
Need help?
General