44-26
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 44 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
switch denies access to the network for all wireless access point-attached clients. In this topology, the
wireless access point is responsible for authenticating clients attached to it, and the wireless access point
acts as a client to the switch.
Figure 44-9 Wireless LAN Example
Configuring 802.1X Port-Based Authentication
To configure 802.1X, follow this procedure:
Step 1 Enable 802.1X authentication. See the “Enabling 802.1X Authentication” section on page 44-28.
Step 2 Configure switch to RADIUS server communication. See the “Configuring Switch-to-RADIUS-Server
Communication” section on page 44-32.
Step 3 Adjust the 802.1X timer values. See the “Changing the Quiet Period” section on page 44-81.
Step 4 Configure optional features. See the “Configuring RADIUS-Provided Session Timeouts” section on
page 44-51.
These sections describe how to configure 802.1X:
• Default 802.1X Configuration, page 44-27
• 802.1X Configuration Guidelines, page 44-28
• Enabling 802.1X Authentication, page 44-28 (required)
• Configuring Switch-to-RADIUS-Server Communication, page 44-32 (required)
• Configuring Multiple Domain Authentication and Multiple Authorization, page 44-34
• Configuring 802.1X Authentication with ACL Assignments and Redirect URLs, page 44-38
• Configuring 802.1X Authentication with Per-User ACL and Filter-ID ACL, page 44-44
• Configuring RADIUS-Provided Session Timeouts, page 44-51 (optional)
• Configuring MAC Move, page 44-53 (optional)
• Configuring MAC Replace, page 44-53 (optional)
• Configuring Violation Action, page 44-54 (optional)
• Configuring 802.1X with Guest VLANs, page 44-55 (optional)
• Configuring 802.1X with MAC Authentication Bypass, page 44-58 (optional)
Wireless
clients
Wireless
access point
Catalyst 4500 Network
Access Switch
RADIUS
94160
Authenticator Authentication server
Supplicants
To Next Page
Loading...
