46-78
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
The following example shows how to configure MDA on an interface and 802.1X as the authentication
mechanism:
Switch(config)# interface FastEthernet3/3
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 16
Switch(config-if)# authentication host-mode multi-domain
Switch(config-if)# authentication port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# end
Note You must configure VLAN assignment in the ACS server. No configuration changes are required
on the switch.
Cisco ACS Configuration for VLAN Assignment
The procedure for enabling MDA with voice VLAN assignment is the same as that for activating MDA
except for one step: Configure a VLAN for dynamic VLAN assignment after selecting
User > IETF RADIUS Attributes (Figure 46-16). This step ensures correct functioning of the ACS
configuration required for dynamic VLAN assignment.
Figure 46-16 User Set Up
Note The procedure is the same for voice devices except that the AAA server must be configured to send a
Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice.
To Next Page
Loading...
Need help?
General
