Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

49-83

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 49 Configuring 802.1X Port-Based Authentication

Configuring 802.1X Port-Based Authentication

Cisco IOS Release 12.2(46)SG or earlier

Switch# configure terminal

Switch(config)# interface fastethernet5/9

Switch(config-if)# switchport mode access

Switch(config-if)# dot1x pae authenticator

Switch(config-if)# dot1x reauthentication

Switch(config-if)# dot1x timeout reauth-period 4000

Switch(config-if)# dot1x port-control auto

Switch(config-if)# end

Switch#

Enabling Multiple Hosts

You can attach multiple hosts (clients) to a single 802.1X-enabled port as shown in Figure 49-9 on page 49-26. In this mode,

when the port is authorized, all other hosts that are indirectly attached to the port are granted access to the network. If the port

becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), the switch denies access to the network

for all wireless access point-attached clients.

To allow multiple hosts (clients) on an 802.1X-authorized port that has the dot1x port-control interface configuration

command set to auto, perform this task:

Command Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface

interface-id

Enters interface configuration mode and specifies the interface to which

multiple hosts are indirectly attached.

Step 3

Switch(config-if)# switchport mode

access

Specifies a nontrunking, nontagged single VLAN Layer 2 interface.

Step 4

Switch(config-if)# dot1x pae

authenticator

Enables 802.1X authentication on the port with default parameters.

Refer to the “Default 802.1X Configuration” section on page 49-27.

Step 5

Cisco IOS Release 12.2(50)SG and later

Switch(config-if)# authentication

host-mode multi-host

Cisco IOS Release 12.2(46)SG or earlier

releases

Switch(config-if)# dot1x host-mode

multi-host

Allows multiple hosts (clients) on an 802.1X-authorized port.

Note Ensure that the dot1x port-control interface configuration

command set is set to auto for the specified interface.

To disable multiple hosts on the port, use the

no authentication host-mode multi-host interface configuration

command (for earlier releases, use the no dot1x host-mode multi-host

interface configuration command).

Step 6

Cisco IOS Release 12.2(50)SG and later

Switch(config-if)# authentication

port-control auto

Cisco IOS Release 12.2(46)SG or earlier

releases

Switch(config-if)# dot1x

port-control auto

Enables 802.1X authentication on the interface.

Step 7

Switch(config-if)# end

Returns to privileged EXEC mode.

Step 8

Switch# show dot1x all interface

interface-id

Verifies your entries.

Step 9

Switch# copy running-config

startup-config

(Optional) Saves your entries in the configuration file.

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E