6-2
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 6 Configuring Endpoint Admission Control
Basic EAC Configuration Sequence
Basic EAC Configuration Sequence
1. Configure the Cisco Secure ACS to provision SGTs to authenticated endpoint hosts.
2. Enable SXP on access switches. See the chapter, “Configuring SGT Exchange Protocol over TCP
(SXP) and Layer 3 Transport.”
3. Enable any combination of 802.1X, MAB, or WebAuth authentication methods on the access switch.
4. Enable DHCP and IP device tracking on access switches.
802.1X Authentication Configuration
The following example shows the basic 802.1x configuration on a Gigabit Ethernet port:
Router(config)# dot1x system-auth-control
Router(config)# interface GigabitEthernet2/1
Router(config-if)# authentication port-control auto
Router(config-if)# dot1x pae authenticator
For additional information on configuring 802.1x authentication, see the configuration guide for your
access switch.
Verifying the 802.1X Configuration
To verify 802.1X authentication configuration, use the show authentication interface command.
Router# show authentication interface gigabitEthernet 2/1
*May 7 11:22:06: %SYS-5-CONFIG_I: Configured from console by console
Client list:
Interface MAC Address Domain Status Session ID
Gi2/1 000c.293a.048e DATA Authz Success AC1AD01F0000000904BBECD8
Available methods list:
Handle Priority Name
3 0 dot1x
Runnable methods list:
Handle Priority Name
3 1 dot1x
And to verify the port has successfully authenticated:
Router# show dot1x interface gigabitEthernet 2/1 details
Dot1x Info for GigabitEthernet2/1
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
Dot1x Authenticator Client List
To Next Page
Loading...
