Name: Cisco Catalyst 3560-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

1-62

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-25303-03

Chapter 1 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that

the switch waits for a response to an EAP-request/identity frame from the client before re-sending the

request, and to enable VLAN 2 as an 802.1x guest VLAN when an 802.1x port is connected to a DHCP

client:

Switch(config-if)# authentication timer inactivity 3

Switch(config-if)# authentication timer reauthenticate 15

Switch(config-if)# authentication event no-response action authorize vlan 2

Configuring a Restricted VLAN

When you configure a restricted VLAN on a switch stack or a switch, clients that are

IEEE 802.1x-compliant are moved into the restricted VLAN when the authentication server does not

receive a valid username and password. The switch supports restricted VLANs only in single-host mode.

Beginning in privileged EXEC mode, follow these steps to configure a restricted VLAN. This procedure

is optional.

To disable and remove the restricted VLAN, use the no authentication event fail action authorize

vlan-id interface configuration command. The port returns to the unauthorized state.

This example shows how to enable VLAN 2 as an 802.1x restricted VLAN:

Switch(config)# interface gigabitethernet2/0/2

Switch(config-if)# authentication event fail action authorize 2

You can configure the maximum number of authentication attempts allowed before a user is assigned to

the restricted VLAN by using the authentication event retry retry count interface configuration

command. The range of allowable authentication attempts is 1 to 3. The default is 3 attempts.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Specify the port to be configured, and enter interface configuration mode.

For the supported port types, see the “802.1x Authentication

Configuration Guidelines” section on page 1-39.

Step 3

switchport mode access

switchport mode private-vlan host

Set the port to access mode,

Configure the Layer 2 port as a private-VLAN host port.

Step 4

authentication port-control auto Enable 802.1x authentication on the port.

Step 5

authentication event fail action

authorize vlan-id

Specify an active VLAN as an 802.1x restricted VLAN. The range is 1 to

4094.

You can configure any active VLAN except an internal VLAN (routed

port), an RSPAN VLAN, a primary private VLAN, or a voice VLAN as

an 802.1x restricted VLAN.

Step 6

end Return to privileged EXEC mode.

Step 7

show authentication interface

interface-id

(Optional) Verify your entries.

Step 8

copy running-config startup-config (Optional) Save your entries in the configuration file.

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General

Enclosure Type	Rack-mountable - 1U
Subtype	Gigabit Ethernet
Ports	48 x 10/100/1000 + 4 x SFP
Flash Memory	64 MB
Power Device	Internal power supply
Voltage Required	AC 120/230 V (50/60 Hz)
Operating System	Cisco IOS
Device Type	Switch
Performance	Switching capacity: 128 Gbps
Jumbo Frame Support	Yes
Routing Protocol	RIP-1, RIP-2, EIGRP
Remote Management Protocol	SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
Features	DHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
Stacking	Stackable
Security Features	SSH, RADIUS, TACACS+
Management	CLI
Dimensions (H x W x D)	17.5 in
Operating Temperature	32 to 113 °F (0 to 45 °C)
Humidity	10 - 95% (non-condensing)