Name: Cisco Catalyst 3560-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

1-44

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-25303-03

Chapter 1 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on

the switch:

Configuring 802.1x Authentication

To configure 802.1x port-based authentication, you must enable authentication, authorization, and

accounting (AAA) and specify the authentication method list. A method list describes the sequence and

authentication method to be queried to authenticate a user.

To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the

switch for all network-related service requests.

This is the 802.1x AAA process:

Step 1 A user connects to a port on the switch.

Step 2 Authentication is performed.

Step 3 VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.

Step 4 The switch sends a start message to an accounting server.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

aaa new-model Enable AAA.

Step 3

aaa authentication dot1x {default}

method1

Create an 802.1x authentication method list.

To create a default list that is used when a named list is not specified in

the authentication command, use the default keyword followed by the

method that is to be used in default situations. The default method list is

automatically applied to all ports.

For method1, enter the group radius keywords to use the list of all

RADIUS servers for authentication.

Note Though other keywords are visible in the command-line help

string, only the group radius keywords are supported.

Step 4

interface interface-id Specify the port connected to the client that is to be enabled for

IEEE 802.1x authentication, and enter interface configuration mode.

Step 5

switchport mode access Set the port to access mode.

Step 6

authentication violation {shutdown |

restrict | protect | replace}

Configure the violation mode. The keywords have these meanings:

• shutdown–Error disable the port.

• restrict–Generate a syslog error.

• protect–Drop packets from any new device that sends traffic to the

port.

• replace–Removes the current session and authenticates with the new

host.

Step 7

end Return to privileged EXEC mode.

Step 8

show authentication Verify your entries.

Step 9

copy running-config startup-config (Optional) Save your entries in the configuration file.

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General

Enclosure Type	Rack-mountable - 1U
Subtype	Gigabit Ethernet
Ports	48 x 10/100/1000 + 4 x SFP
Flash Memory	64 MB
Power Device	Internal power supply
Voltage Required	AC 120/230 V (50/60 Hz)
Operating System	Cisco IOS
Device Type	Switch
Performance	Switching capacity: 128 Gbps
Jumbo Frame Support	Yes
Routing Protocol	RIP-1, RIP-2, EIGRP
Remote Management Protocol	SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
Features	DHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
Stacking	Stackable
Security Features	SSH, RADIUS, TACACS+
Management	CLI
Dimensions (H x W x D)	17.5 in
Operating Temperature	32 to 113 °F (0 to 45 °C)
Humidity	10 - 95% (non-condensing)