Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 40 Configuring 802.1X Authentication
Configuring 802.1X Authentication on the Switch
Disabling 802.1X Authentication for the DHCP Relay Agent
To stop the DHCP Relay Agent from sending the 802.1X parameters for a particular VLAN to the DHCP
server, perform this task in privileged mode:

        Task                                                      Command
Step 1  Disable 802.1X authentication for the DHCP Relay Agent.   clear security acl map dhcp_relay vlan_ID
Step 2  Verify the 802.1X configuration.                          show dot1x

This example shows how to configure the DHCP Relay Agent to stop sending the 802.1X authentication
parameters for VLANs 1–3 and 20 and verify the configuration:
Console> (enable) clear security acl map dhcp_relay 1-3,20
Successfully cleared mapping between ACL dhcp_relay and VLAN 1.
Successfully cleared mapping between ACL dhcp_relay and VLAN 2.
Successfully cleared mapping between ACL dhcp_relay and VLAN 3.
Successfully cleared mapping between ACL dhcp_relay and VLAN 20.

Adding Hosts to an 802.1X Guest VLAN
Guest VLANs typically support minimal services and provide minimal network access. Hosts can be
added to the guest VLAN only when the port is configured with the set port dot1x mod/port
port-control auto command option. If you change the set port dot1x mod/port port-control command
option from auto to force-authorized or force-unauthorized, the host is removed from the guest VLAN
and added back to the port VLAN.
To add a port to an 802.1X guest VLAN, perform this task in privileged mode:

        Task                                                      Command
Step 1  Configure an active VLAN as an 802.1X guest VLAN.         set port dot1x mod/port guest-vlan {vlan | none}
Step 2  Verify the per-port 802.1X guest VLAN configuration.      show port dot1x guest-vlan

This example shows how to add port 3/1 to 802.1X guest VLAN 200. The first attempt is rejected
because multiple authentication is enabled on the port; after multiple authentication is disabled,
the guest VLAN is set and then verified:
Console> (enable) set port dot1x 3/1 guest-vlan 200
Port 3/1 is Multiple-authentication enabled, guest-vlan can not be enabled
Console> (enable) set port dot1x 3/1 multiple-authentication disable
Port 3/1 Multiple-authentication option disabled
Console> (enable) set port dot1x 3/1 guest-vlan 200
Port 3/1 Guest Vlan is set to 200
Console> (enable) show port dot1x guest-vlan
Guest-Vlan Status Mod/Ports
------------- -------- ------------------
200 active 3/1
none none 2/1-2,3/2-48,8/1-8
Console> (enable)
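
Because a guest VLAN admits hosts that have not authenticated, it is worth checking the show port dot1x guest-vlan output against the ports that are meant to have one. The script below is an added example, not part of the Cisco guide: it parses the output shown above and reports ports whose guest VLAN is not in an approved list. The function names, the approved mapping, and the assumption that port lists use only the mod/port and mod/port-port forms seen on this page are illustrative.

```python
import re

# Constructed sample: the "show port dot1x guest-vlan" output from the example above.
SAMPLE = """\
Console> (enable) show port dot1x guest-vlan
Guest-Vlan Status Mod/Ports
------------- -------- ------------------
200 active 3/1
none none 2/1-2,3/2-48,8/1-8
Console> (enable)
"""

def expand_ports(spec):
    """Expand a port list such as '2/1-2,3/2-48' into ['2/1', '2/2', '3/2', ...]."""
    ports = []
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)(?:-(\d+))?", item.strip())
        if not m:
            # Assumption: only the forms on this page; fail loudly on anything else.
            raise ValueError(f"unrecognized port spec: {item!r}")
        mod, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending port range: {item!r}")
        ports.extend(f"{mod}/{p}" for p in range(first, last + 1))
    return ports

def parse_guest_vlans(output):
    """Return {port: guest VLAN ID} for every port that has a guest VLAN set."""
    assigned = {}
    for line in output.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3 or not fields[0].isdigit():
            continue  # prompt, header, separator, or the 'none' row
        vlan, _status, spec = fields
        for port in expand_ports(spec):
            assigned[port] = int(vlan)
    return assigned

def audit(output, approved):
    """Return sorted (port, vlan) pairs whose guest VLAN is not approved for that port."""
    found = parse_guest_vlans(output)
    return sorted((port, vlan) for port, vlan in found.items()
                  if approved.get(port) != vlan)

if __name__ == "__main__":
    # Hypothetical policy: only port 3/1 may use guest VLAN 200.
    print(audit(SAMPLE, {"3/1": 200}))
```

An empty result means every port with a guest VLAN matches the approved mapping; any pair returned is a port to review.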