802.1X | 91
Important Points to Remember
• FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and
MS-CHAPv2 with PEAP.
• All platforms support only RADIUS as the authentication server.
• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary
RADIUS server, if configured.
• 802.1X is not supported on port-channels or port-channel members.
Enabling 802.1X
802.1X must be enabled globally.
To enable 802.1X:
Verify that 802.1X is enabled globally and at interface level using the command
show running-config | find
dot1x
from EXEC Privilege mode, as shown in the example below.
FTOS#show running-config | find dot1x
dot1x authentication
!
[output omitted]
!
interface TenGigabitEthernet 2/1
Step Task Command Syntax Command Mode
1 Enable 802.1X globally.
dot1x authentication
CONFIGURATION
2 Enter INTERFACE mode on an interface or a range of
interfaces.
interface [range]
INTERFACE
3 Enable 802.1X on the supplicant interface only.
dot1x authentication
INTERFACE