49-66
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# dot1x system-auth-control
Switch(config)# radius-server host 10.1.2.3 auth-port 1645 acct-port 1646 test username randomuser idle-time
1 key mykey
Switch(config)# radius-server deadtime 1
Switch(config)# radius-server dead-criteria time 15 tries 3
Switch(config)# interface f3/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical vlan 17
Switch(config-if)# dot1x critical recovery action reinitialize
Switch(config-if)# end
Switch# show dot1x int fastethernet 3/1 details
Dot1x Info for FastEthernet3/1
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
Critical-Auth = Enabled
Critical Recovery Action = Reinitialize
Critical-Auth VLAN = 17
Dot1x Authenticator Client List
-------------------------------
Supplicant = 0000.0000.0001
Auth SM State = AUTHENTICATING
Auth BEND SM Stat = RESPONSE
Port Status = AUTHORIZED
Authentication Method = Dot1x
Authorized By = Critical-Auth
Operational HostMode = SINGLE_HOST
Vlan Policy = 17
Switch#
Configuring 802.1X with Unidirectional Controlled Port
To configure unidirectional controlled port, perform this task:
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface
interface-id
Specifies the port to be configured and enters interface configuration
mode.
To Next Page
Loading...
Need help?
General
