40-45
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 40 Configuring 802.1X Authentication
Configuring 802.1X Authentication on the Switch
Assigning Private VLANs to 802.1X
This example shows how to assign private VLANs to 802.1X:
Console> (enable) set port dot1x 2/2 port-control auto
Port 2/2 dot1x port-control is set to auto.
Trunking disabled for port 2/2 due to Dot1x feature.
Spantree port fast start option enabled for port 2/2.
Console> (enable) set port dot1x 2/2 initialize
Port 2/2 dot1x initializing ...
Console> (enable) set port dot1x 2/2 port-control auto
Port 2/2 dot1x port-control is set to auto.
Trunking disabled for port 2/2 due to Dot1x feature.
Spantree port fast start option enabled for port 2/2.
Console> (enable) set port dot1x 2/2 initialize
Port 2/2 dot1x initializing ...
Console> (enable) set port dot1x 2/2 guest-vlan 401
Port 2/2 Guest Vlan is set to 401
Console> (enable) set port dot1x 2/2 auth-fail-vlan 201
Port 2/2 Auth Fail Vlan is set to 201
Console> (enable)
Verifying the Config-Time 802.1X Private VLAN Settings
This example shows how to verify the config-time 802.1x private VLAN settings:
Console> (enable) show port 2/2
* = Configured MAC Address
# = 802.1X Authenticated Port Name.
Port Name Status Vlan Duplex Speed Type
----- -------------------- ---------- ---------- ------ ----------- ------------
2/2 connected 999 a-half a-10 10/100BaseTX
<...snip...>
Console> (enable) show port dot1x 2/2
Port Auth-State BEnd-State Port-Control Port-Status
----- ------------------- ---------- ------------------- -------------
2/2 connecting idle auto unauthorized
<...snip...>
Console> (enable) show pvlan
Primary Secondary Secondary-Type Ports
------- --------- ---------------- ------------
200 201 twoway-community
400 401 isolated
800 801 community
Console> (enable)
Verifying the Run-Time 802.1X-Assigned Private VLAN Settings
This example shows how to verify the run-time 802.1X-assigned private VLAN settings:
Console> (enable) show port dot1x guest-vlan
Guest-Vlan Status Mod/Ports
------------- -------- ------------------
401 active 2/2
none none 2/1,2/3-48,3/1-48,5/1-2
Console> (enable) show port dot1x auth-fail-vlan
Auth-Fail-Vlan Status Mod/Ports
-------------- -------- ------------------
201 active 2/2
none none 2/1,2/3-48,3/1-48,5/1-2
Console> (enable)
To Next Page