49-83
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x timeout reauth-period 4000
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch#
Enabling Multiple Hosts
You can attach multiple hosts (clients) to a single 802.1X-enabled port as shown in Figure 49-9 on page 49-26. In this mode,
when the port is authorized, all other hosts that are indirectly attached to the port are granted access to the network. If the port
becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), the switch denies access to the network
for all wireless access point-attached clients.
To allow multiple hosts (clients) on an 802.1X-authorized port that has the dot1x port-control interface configuration
command set to auto, perform this task:
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface
interface-id
Enters interface configuration mode and specifies the interface to which
multiple hosts are indirectly attached.
Step 3
Switch(config-if)# switchport mode
access
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Step 4
Switch(config-if)# dot1x pae
authenticator
Enables 802.1X authentication on the port with default parameters.
Refer to the “Default 802.1X Configuration” section on page 49-27.
Step 5
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
host-mode multi-host
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x host-mode
multi-host
Allows multiple hosts (clients) on an 802.1X-authorized port.
Note Ensure that the dot1x port-control interface configuration
command set is set to auto for the specified interface.
To disable multiple hosts on the port, use the
no authentication host-mode multi-host interface configuration
command (for earlier releases, use the no dot1x host-mode multi-host
interface configuration command).
Step 6
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
port-control auto
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x
port-control auto
Enables 802.1X authentication on the interface.
Step 7
Switch(config-if)# end
Returns to privileged EXEC mode.
Step 8
Switch# show dot1x all interface
interface-id
Verifies your entries.
Step 9
Switch# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.
To Next Page
Loading...
