7-8
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter7 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Authentication
Enabling 802.1X Authentication
To enable 802.1X port-based authentication, you must enable AAA and specify the authentication
method list. A method list describes the sequence and authentication methods to be queried to
authenticate a user.
The software uses the first method listed to authenticate users; if that method fails to respond, the
software selects the next authentication method in the method list. This process continues until there is
successful communication with a listed authentication method or until all defined methods are
exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other
authentication methods are attempted.
Beginning in privileged EXEC mode, follow these steps to configure 802.1X port-based authentication.
This procedure is required.
To disable AAA, use the no aaa new-model global configuration command. To disable 802.1X AAA
authentication, use the no aaa authentication dot1x {default | list-name} method1 [method2...] global
configuration command. To disable 802.1X, use the dot1x port-control force-authorized or the no
dot1x port-control interface configuration command.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
aaa new-model Enable AAA.
Step 3
aaa authentication dot1x {default}
method1 [method2...]
Create an 802.1X authentication method list.
Tocreateadefaultlistthatisusedwhenanamedlistisnot specified in
the authentication command, use the default keywordfollowedbythe
methods that are to be used in default situations. The default method list
is automatically applied to all interfaces.
Enter at least one of these keywords:
• group radius—Use the list of all RADIUS servers for authentication.
• none—Use no authentication. The client is automatically
authenticated without the switch using the information supplied by
the client.
Step 4
interface interface-id Enter interface configuration mode, and specify the interface to be
enabled for 802.1X authentication.
Step 5
dot1x port-control auto Enable 802.1X on the interface.
For feature interaction information with trunk, dynamic, dynamic-access,
EtherChannel, secure, and SPAN ports see the “802.1X Configuration
Guidelines” sectiononpage7-7.
Step 6
end Return to privileged EXEC mode.
Step 7
show dot1x Verify your entries.
Check the Status column in the 802.1X Port Summary section of the
display. An enabled status means the port-control value is set either to
auto or to force-unauthorized.
Step 8
copy running-config startup-config (Optional) Save your entries in the configuration file.
To Next Page
Loading...
Need help?
General
