Cisco Catalyst 4500 Series Software Configuration Guide

Cisco Catalyst 4500 Series
2086 pages
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
This example shows how to configure a switch as a supplicant:
Switch# configure terminal
Switch(config)# cisp enable
Switch(config)# dot1x credentials test
Switch(config)# username suppswitch
Switch(config)# password myswitch
Switch(config)# dot1x supplicant force-multicast
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# dot1x pae supplicant
Switch(config-if)# dot1x credentials test
Switch(config-if)# end
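A small audit of the supplicant-side settings in the example above, as an added example that is not part of the Cisco guide. It assumes the configuration text is in running-config layout (sub-commands indented under their parent line); the sample text, the second interface, the profile name lab and the function names are constructed for illustration.

```python
# Constructed sample in running-config layout; Gi1/0/2 is deliberately incomplete.
SAMPLE = """\
cisp enable
dot1x credentials test
 username suppswitch
 password myswitch
interface GigabitEthernet1/0/1
 switchport mode trunk
 dot1x pae supplicant
 dot1x credentials test
interface GigabitEthernet1/0/2
 dot1x pae supplicant
 dot1x credentials lab
"""

def parse_blocks(config):
    """Map each top-level line to the list of indented lines under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(line)
        else:
            current = line
            blocks[current] = []
    return blocks

def audit_supplicant(config):
    """Return findings where the config departs from the supplicant example."""
    blocks, findings = parse_blocks(config), []
    if "cisp enable" not in blocks:
        findings.append("global: cisp enable missing")
    # Credential profiles that carry both a username and a password line.
    complete = {p.split()[-1] for p, kids in blocks.items()
                if p.startswith("dot1x credentials ")
                and all(any(k.startswith(w) for k in kids)
                        for w in ("username ", "password "))}
    for parent, kids in blocks.items():
        if not parent.startswith("interface ") or "dot1x pae supplicant" not in kids:
            continue
        port = parent.split()[1]
        if "switchport mode trunk" not in kids:
            findings.append(f"{port}: not in trunk mode")
        refs = [k.split()[-1] for k in kids if k.startswith("dot1x credentials ")]
        if not refs or refs[0] not in complete:
            findings.append(f"{port}: no complete dot1x credentials profile")
    return findings
```

Calling audit_supplicant(SAMPLE) returns two findings for GigabitEthernet1/0/2 and none for GigabitEthernet1/0/1, which matches the guide's example.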
The following macro is applied to the authenticator switch port after the supplicant switch is deauthenticated due to a link-down
or a reauthenticating event:
no switchport nonegotiate
switchport mode access
no switchport trunk native vlan $AVID
no spanning-tree portfast trunk
switchport access vlan $AVID
spanning-tree bpduguard enable
spanning-tree portfast
Configuring NEAT with ASP
You can also use an AutoSmart Ports user-defined macro rather than a switch VSA to configure the authenticator switch. For
more information, see Chapter 22, “Configuring Cisco IOS Auto Smartport Macros.”
Configuration Guidelines
• If BPDU Guard was enabled prior to supplicant switch authentication, it is re-enabled after the supplicant switch
  unauthenticates.
• You can configure NEAT ports and non-NEAT ports with the same configuration. When the supplicant switch
  authenticates, the port mode is changed from access to trunk based on the switch vendor-specific attributes
  (device-traffic-class=switch).
• To enable NEAT, you must configure the vendor-specific attribute (VSA) as switch. Configuring the trunk with
  an 802.1X configuration and enabling CISP globally will not enable NEAT.
• VSA device-traffic-class=switch assists the authenticator switch in identifying the supplicant as a switch device. This
  identification changes the authenticator switch port mode from access to trunk and enables 802.1X trunk encapsulation.
  The access VLAN, if any, is converted to a native trunk VLAN. VSA does not change any of the port configurations on
  the supplicant.
Step 13
Command: Switch# show running-config interface interface
Purpose: Verifies your configuration.
Note: This is the only command that tells you that the smart macro has
been applied after the supplicant switch has been authenticated.
Step 14
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

Cisco Catalyst 4500 Series Specifications

General
Series: Catalyst 4500 Series
Category: Switch
Layer Support: Layer 2, Layer 3
Form Factor: Modular chassis
Stackable: No
Chassis Slots: 3, 6, 7, 10
Power Supply Options: AC, DC
Redundancy: Power supply, Supervisor engine
Network Management: Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features: Security, QoS
Port Density: Up to 384 ports per chassis
Security Features: 802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine: 8-E