PurposeCommand or Action
Specifies the port to be configured, and enter interface
configuration mode.
interface interface-id
Example:
Switch(config)# interface gigabitethernet2/0/2
Step 2
Use one of the following:
Step 3
•
Sets the port to access mode.
•
Configures the Layer 2 port as a private-VLAN host
port.
•
switchport mode access
•
switchport mode private-vlan host
Example:
Switch(config-if)# switchport mode private-vlan
host
Specifies an active VLAN as an 802.1x guest VLAN. The
range is 1 to 4094.
authentication event no-response action authorize
vlan vlan-id
Step 4
Example:
Switch(config-if)# authentication event
You can configure any active VLAN except an internal
VLAN (routed port), an RSPAN VLAN, a primary private
VLAN, or a voice VLAN as an 802.1x guest VLAN.
no-response action authorize vlan 2
Returns to privileged EXEC mode.end
Example:
Switch(config-if)# end
Step 5
Configuring a Restricted VLAN
When you configure a restricted VLAN on a switch stack or a switch, clients that are IEEE 802.1x-compliant
are moved into the restricted VLAN when the authentication server does not receive a valid username and
password. The switch supports restricted VLANs only in single-host mode.
Beginning in privileged EXEC mode, follow these steps to configure a restricted VLAN. This procedure is
optional.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
270 OL-29434-01
Configuring IEEE 802.1x Port-Based Authentication
Configuring a Restricted VLAN
To Next Page
Loading...
