DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Specifies the RADIUS server groups to use for 802.1X
authentication.
aaa authentication dot1x default group group-list
Example:
Step 2
The group-list argument consists of a space-delimited list
of group names. The group names are the following:
switch(config)# aaa authentication dot1x default
group rad2
• radius—Uses the global pool of RADIUS servers for
authentication.
• named-group —Uses the global pool of RADIUS
servers for authentication.
Exits configuration mode.exit
Example:
Step 3
switch(config)# exit
switch#
Displays the RADIUS server configuration.(Optional) show radius-server
Example:
Step 4
switch# show radius-server
Displays the RADIUS server group configuration.
(Optional) show radius-server group [group-name]
Example:
Step 5
switch# show radius-server group rad2
Copies the running configuration to the startup
configuration.
(Optional) copy running-config startup-config
Example:
Step 6
switch# copy running-config startup-config
Controlling 802.1X Authentication on an Interface
You can control the 802.1X authentication performed on an interface. An interface can have the following
802.1X authentication states:
Auto
Enables 802.1X authentication on the interface.
Force-authorized
Disables 802.1X authentication on the interface and allows all traffic on the interface without
authentication. This state is the default.
Force-unauthorized
Disallows all traffic on the interface.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
188
Configuring 802.1X
Controlling 802.1X Authentication on an Interface
To Next Page
Loading...
