46-85
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
To allow multiple hosts (clients) on an 802.1X-authorized port that has the dot1x port-control interface
configuration command set to auto, perform this task:
This example shows how to enable 802.1X on Fast Ethernet interface 5/9 and to allow multiple hosts:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication host-mode multi-host
Switch(config-if)# authentication port-control auto
Switch(config-if)# end
Switch#
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface
interface-id
Enters interface configuration mode and specifies the interface to which
multiple hosts are indirectly attached.
Step 3
Switch(config-if)# switchport mode
access
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Step 4
Switch(config-if)# dot1x pae
authenticator
Enables 802.1X authentication on the port with default parameters.
Refer to the “Default 802.1X Configuration” section on page 46-30.
Step 5
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
host-mode multi-host
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x host-mode
multi-host
Allows multiple hosts (clients) on an 802.1X-authorized port.
Note Ensure that the dot1x port-control interface configuration
command set is set to auto for the specified interface.
To disable multiple hosts on the port, use the
no authentication host-mode multi-host interface configuration
command (for earlier releases, use the no dot1x host-mode multi-host
interface configuration command).
Step 6
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
port-control auto
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x
port-control auto
Enables 802.1X authentication on the interface.
Step 7
Switch(config-if)# end
Returns to privileged EXEC mode.
Step 8
Switch# show dot1x all interface
interface-id
Verifies your entries.
Step 9
Switch# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.
To Next Page
Loading...
