10-10
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
OL-9775-08
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Beginning with Cisco IOS Release 12.2(55)SE, you can filter out verbose system messages generated
by the authentication manager. The filtered content typically relates to authentication success. You can
also filter verbose messages for 802.1x authentication and MAB authentication. There is a separate
command for each authentication method:
• The no authentication logging verbose global configuration command filters verbose messages
from the authentication manager.
• The no dot1x logging verbose global configuration command filters 802.1x authentication verbose
messages.
• The no mab logging verbose global configuration command filters MAC authentication bypass
(MAB) verbose messages
For more information, see the command reference for this release.
Ta b l e 10-2 Authentication Manager Commands and Earlier 802.1x Commands
The authentication manager
commands in Cisco IOS
Release 12.2(50)SE or later
The equivalent 802.1x commands in
Cisco IOS Release 12.2(46)SE and
earlier Description
authentication control-direction
{b
oth | in}
dot1x control-direction {both |
in}
Enable 802.1x authentication with the
wake-on-LAN (WoL) feature, and configure the
port control as unidirectional or bidirectional.
authentication event dot1x auth-fail vlan
dot1x critical (interface
conf
iguration)
dot1x guest-vlan6
Enable the restricted VLAN on a port.
Enable the inaccessible-authentication-bypass
fe
ature.
Specify an active VLAN as an 802.1x guest
VL
AN.
authentication fallback
fa
llback-profile
dot1x fallback fallback-profile Configure a port to use web authentication as a
fallback method for clients that do not support
802.1x authentication.
authentication host-mode
[mult
i-auth | multi-domain |
multi-host | single-host]
dot1x host-mode {single-host |
multi-host | multi-domain}
Allow a single host (client) or multiple hosts on
an 802.1x-authorized port.
authentication order dot1x mac-auth-bypass Enable the MAC authentication bypass feature.
authentication periodic dot1x reauthentication Enable periodic re-authentication of the client.
authentication port-control {au
to
| force-authorized | force-un
authorized}
dot1x port-control {auto |
force-authorized |
force-unauthorized}
Enable manual control of the authorization state of
the port.
authentication timer dot1x timeout Set the 802.1x timers.
authentication violation {pr
otect |
restrict | shutdown}
dot1x violation-mode {shutdown
| restrict | protect}
Configure the violation modes that occur when a
new device connects to a port or when a new
device connects to a port after the maximum
number of devices are connected to that port.
show authentication show dot1x Display 802.1x statistics, administrative status,
and
operational status for the switch or for the
specified port. authentication manager:
compatibility with earlier 802.1x CLI commands
To Next Page
Loading...
