EasyManua.ls Logo

Cisco CATALYST 2960

Cisco CATALYST 2960
980 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
10-43
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on
the switch:
Configuring 802.1x Authentication
To configure 802.1x port-based authentication, you must enable authentication, authorization, and
accounting (AAA) and specify the authentication method list. A method list describes the sequence and
authentication method to be queried to authenticate a user.
To allow VLAN assignment, you must enable AAA authorization to configure the switch for all
network-related service requests.
This is the 802.1x AAA process:
Step 1 A user connects to a port on the switch.
Step 2 Authentication is performed.
Step 3 VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
Step 4 The switch sends a start message to an accounting server.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
aaa new-model Enable AAA.
Step 3
aaa authentication dot1x {default}
method1
Create an 802.1x authentication method list.
To create a default list to use when a named list is not specified in the
authentication command, use the default keyword followed by the
method that is to be used in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Note Though other keywords are visible in the command-line help
string, only the group radius keywords are supported.
Step 4
interface interface-id Specify the port connected to the client that is to be enabled for 802.1x
authentication, and enter interface configuration mode.
Step 5
switchport mode access Set the port to access mode.
Step 6
authentication violation {shutdown |
restrict | protect | replace}
Configure the violation mode. The keywords have these meanings:
shutdown–Error disable the port.
restrict–Generate a syslog error.
protect–Drop packets from any new device that sends traffic to the
port.
replace–Removes the current session and authenticates with the new
host.
Step 7
end Return to privileged EXEC mode.
Step 8
show authentication Verify your entries.
Step 9
copy running-config startup-config (Optional) Save your entries in the configuration file.

Table of Contents

Other manuals for Cisco CATALYST 2960

Preview: Command Reference Guide
Command Reference Guide800 pages
Preview: Command Reference
Command Reference714 pages
Preview: Hardware Installation Guide
Hardware Installation Guide108 pages
Preview: Getting Started Guide
Getting Started Guide24 pages
Preview: Installation
Installation26 pages

Related product manuals