230
Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring an Authenticator and Supplicant
You can also use an Auto Smartports user-defined macro instead of the switch VSA to configure the authenticator switch.
For information, seeConfiguring Smartports Macros, page 257.
Configuring an Authenticator
Before You Begin
One switch outside a wiring closet must be configured as a supplicant and be connected to an authenticator switch.
Note: The cisco-av-pairs must be configured as device-traffic-class=switch on the ACS, which sets the interface as a
trunk after the supplicant is successfully authenticated.
Configuring a Supplicant Switch with NEAT
Command Purpose
1. configure terminal Enters global configuration mode.
2. cisp enable Enables CISP.
3. interface interface-id Specifies the port to be configured, and enters interface configuration
mode.
4. switchport mode access Sets the port mode to access.
5. authentication port-control auto Sets the port-authentication mode to auto.
6. dot1x pae authenticator Configures the interface as a port access entity (PAE) authenticator.
7. spanning-tree portfast Enables Port Fast on an access port connected to a single workstation
or server.
8. end Returns to privileged EXEC mode.
9. show running-config interface
interface-id
Verifies your configuration.
10. copy running-config startup-config (Optional) Saves your entries in the configuration file.
Command Purpose
1. configure terminal Enters global configuration mode.
2. cisp enable Enables CISP.
3. dot1x credentials profile Creates 802.1x credentials profile. This must be attached to the port
that is configured as supplicant.
4. username suppswitch Creates a username.
5. password password Creates a password for the new username.
6. dot1x supplicant force-multicast Forces the switch to send only multicast EAPOL packets when it
receives either unicast or multicast packets.
This also allows NEAT to work on the supplicant switch in all host
modes.
7. interface interface-id Specifies the port to be configured, and enters interface configuration
mode.
8. switchport mode trunk Configures the interface as a VLAN trunk port.
9. dot1x pae supplicant Configures the interface as a port access entity (PAE) supplicant.
10. dot1x credentials profile-name Attaches the 802.1x credentials profile to the interface.
To Next Page
Loading...
Need help?
General
