226
Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring a Guest VLAN
When you configure a guest VLAN, clients that are not 802.1x-capable are put into the guest VLAN when the server does
not receive a response to its EAP request/identity frame. Clients that are 802.1x-capable but that fail authentication are
not granted network access. The switch supports guest VLANs in single-host or multiple-hosts mode.
Configuring a Restricted VLAN
When you configure a restricted VLAN on a switch, clients that are 802.1x-compliant are moved into the restricted VLAN
when the authentication server does not receive a valid username and password. The switch supports restricted VLANs
only in single-host mode.
Command Purpose
1. configure terminal Enters global configuration mode.
2. interface interface-id Specifies the port to be configured, and enters interface configuration
mode.
3. switchport mode access
or
switchport mode private-vlan host
Sets the port to access mode
or
Configures the Layer 2 port as a private-VLAN host port.
4. authentication port-control auto Enables 802.1x authentication on the port.
5. authentication event no-response
action authorize vlan vlan-id
Specifies an active VLAN as an 802.1x guest VLAN. The range is
1 to 4096.
You can configure any active VLAN except an internal VLAN (routed port),
an RSPAN VLAN, a primary private VLAN, or a voice VLAN as an 802.1x
guest VLAN.
6. end Returns to privileged EXEC mode.
7. show authentication interface
interface-id
Verifies your entries.
8. copy running-config startup-config (Optional) Saves your entries in the configuration file.
Command Purpose
1. configure terminal Enters global configuration mode.
2. interface interface-id Specifies the port to be configured, and enters interface configuration
mode.
3. switchport mode access
or
switchport mode private-vlan host
Sets the port to access mode,
or
Configures the Layer 2 port as a private-VLAN host port.
4. authentication port-control auto Enables 802.1x authentication on the port.
5. authentication event fail action authorize
vlan-id
Specifies an active VLAN as an 802.1x restricted VLAN. The range is
1 to 4096.
You can configure any active VLAN except an internal VLAN (routed port),
an RSPAN VLAN, a primary private VLAN, or a voice VLAN as an 802.1x
restricted VLAN.
To Next Page
Loading...
