5-1
5
Configuring Port-Based Access Control
(802.1x)
Contents
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
How 802.1x Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Authenticator Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Switch-Port Supplicant Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
General Operating Rules and Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
General Setup Procedure for Port-Based Access
Control (802.1x) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Overview: Configuring 802.1x Authentication on the Switch . . . . . . . 5-9
Configuring Switch Ports as 802.1x Authenticators . . . . . . . . . . . . 5-10
1. Disable LACP on the Ports Selected for 802.1x Access . . . . . . . . . 5-10
2. Enable 802.1x Authentication on Selected Ports . . . . . . . . . . . . . . 5-11
3. Configure the 802.1x Authentication Method . . . . . . . . . . . . . . . . . 5-13
4. Enter the RADIUS Host IP Address(es) . . . . . . . . . . . . . . . . . . . . . . 5-14
5. Optional: For Authenticator Ports, Configure Port-Security To
Allow Only 802.1x Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
6. Enable 802.1x Authentication on the Switch . . . . . . . . . . . . . . . . . . 5-16
Configuring Switch Ports To Operate As Supplicants for 802.1x
Connections to Other Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17
Displaying 802.1x Configuration, Statistics, and Counters . . . . . . 5-21
Show Commands for Port-Access Authenticator . . . . . . . . . . . . . . . . 5-21
Show Commands for Port-Access Supplicant . . . . . . . . . . . . . . . . . . . 5-23
How 802.1x Authentication Affects VLAN Operation . . . . . . . . . . . 5-24
Messages Related to 802.1x Operation . . . . . . . . . . . . . . . . . . . . . . . . 5-28
!FishSecurity.book Page 1 Thursday, October 10, 2002 9:19 PM
To Next Page
Loading...
