5-9
Configuring Port-Based Access Control (802.1x)
Setup Procedure for Port-Based Access Control (802.1x)
Overview: Configuring 802.1x Authentication on the
Switch
This section outlines of the steps for configuring 802.1x on the switch. For
detailed information on each step, refer to “Configuring the Switch for
RADIUS Authentication” on page 3-6 or “Configuring Switch Ports To Operate
As Supplicants for 802.1x Connections to Other Switches” on page 5-17.
1. Disable LACP on the ports on which you want to use 802.1x authentica-
tion. (Refer to the “Note on 802.1x and LACP” on page 5-8.)
2. Enable 802.1x authentication on the individual ports you want to serve as
authenticators. On the ports you will use as authenticators, either accept
the default 802.1x settings or change them, as necessary. Note that, by
default, the port-control parameter is set to auto for all ports on the switch.
This requires a client to support 802.1x authentication and to provide valid
credentials to get network access.
See page 5-11.
3. Configure the 802.1x authentication type. Options include:
• Local Operator username and password (the default). This allows a
client to use the switch’s local username and password as valid 802.1x
credentials for network access.
• EAP RADIUS: Use if your RADIUS server application supports EAP
authentication for 802.1x.
• CHAP (MD5) RADIUS: Use if your RADIUS server application sup-
ports CHAP (MD5) authentication.
See page 5-13.
4. If you selected either eap-radius or chap-radius for step 3, use the radius
host command to configure up to three RADIUS server IP address(es) on
the switch. See page 5-14.
5. Enable 802.1x authentication on the switch. See page 5-16.
6. Test both the authorized and unauthorized access to your system to
ensure that the 802.1x authentication works properly on the ports you
have configured for port-access.
Note If you want to implement the optional port security feature (step 7) on the
switch, you should first ensure that the ports you have configured as 802.1x
authenticators operate as expected.
!FishSecurity.book Page 9 Thursday, October 10, 2002 9:19 PM
To Next Page
Loading...
