PurposeCommand or Action
Configures the violation mode. The keywords have these meanings:authentication violation {shutdown | restrict
| protect | replace}
Step 6
• shutdown–Error disable the port.
Example:
Switch(config-if)# authentication
• restrict–Generate a syslog error.
• protect–Drop packets from any new device that sends traffic
to the port.
violation restrict
• replace–Removes the current session and authenticates with
the new host.
Returns to privileged EXEC mode.end
Example:
Switch(config-if)# end
Step 7
Configuring 802.1x Authentication
To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the switch
for all network-related service requests.
This is the 802.1x AAA process:
Before You Begin
To configure 802.1x port-based authentication, you must enable authentication, authorization, and accounting
(AAA) and specify the authentication method list. A method list describes the sequence and authentication
method to be queried to authenticate a user.
SUMMARY STEPS
1.
A user connects to a port on the switch.
2.
Authentication is performed.
3.
VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
4.
The switch sends a start message to an accounting server.
5.
Re-authentication is performed, as necessary.
6.
The switch sends an interim accounting update to the accounting server that is based on the result of
re-authentication.
7.
The user disconnects from the port.
8.
The switch sends a stop message to the accounting server.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
252 OL-29434-01
Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To Next Page
Loading...
