10-61
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
This example shows how to configure NAC Layer 2 802.1x validation:
Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# authentication periodic
Switch(config-if)# authentication timer reauthenticate
Configuring an Authenticator and a Supplicant Switch with NEAT
Configuring this feature requires that one switch outside a wiring closet is configured as a supplicant and
is connected to an authenticator switch.
For overview information, see the “802.1x Supplicant and Authenticator Switches with Network Edge
Access Topology (NEAT)” section on page 10-33.
Note The cisco-av-pairs must be configured as device-traffic-class=switch on the ACS, which sets the
interface as a trunk after the supplicant is successfully authenticated.
Beginning in privileged EXEC mode, follow these steps to configure a switch as an authenticator:
Step 3
authentication event no-response
action authorize vlan vlan-id
Specify an active VLAN as an 802.1x guest VLAN. The range is 1
to 4094.
You can configure any active VLAN except an RSPAN VLAN, or a voice
VLAN as an 802.1x guest VLAN.
Step 4
authentication periodic Enable periodic re-authentication of the client, which is disabled by
default.
Step 5
authentication timer reauthenticate Set re-authentication attempt for the client (set to one hour).
This command affects the behavior of the switch only if periodic
re-authentication is enabled.
Step 6
end Return to privileged EXEC mode.
Step 7
show authentication interface
interface-id
Verify your 802.1x authentication configuration.
Step 8
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
cisp enable Enable CISP.
Step 3
interface interface-id Specify the port to be configured, and enter interface configuration
mode.
Step 4
switchport mode access Set the port mode to access.
Step 5
authentication port-control auto Set the port-authentication mode to auto.
Step 6
dot1x pae authenticator Configure the interface as a port access entity (PAE) authenticator.
Step 7
spanning-tree portfast Enable Port Fast on an access port connected to a single workstation or
server.
To Next Page
Loading...
