Chapter 5: Switching Commands 401
Port-Based Network Access Control Commands
This section describes the commands you use to configure port-based network
access control (IEEE 802.1X). Port-based network access control allows you to
permit access to network services only to devices that are authorized and
authenticated.
aaa authentication dot1x default
Use this command to configure the authentication method for port-based access
to the switch. The additional methods of authentication are used only if the
previous method returns an error, not if there is an authentication failure. The
possible methods are as follows:
◆ ias. Uses the internal authentication server users database for authentication.
This method can be used in conjunction with any one of the existing methods
like local, radius, etc.
◆ local. Uses the local username database for authentication.
◆ none. Uses no authentication.
◆ radius. Uses the list of all RADIUS servers for authentication.
Format aaa authentication dot1x default {[ias]|[method1 [method2 [method3]]]}
Mode Global Config
The following is an example of the command.
(Broadcom FASTPATH Routing) #
(CN1610) #configure
(CN1610) (Config)#aaa authentication dot1x default ias none
(CN1610) (Config)#aaa authentication dot1x default ias local radius none
clear dot1x statistics
This command resets the 802.1X statistics for the specified port or for all ports.
Format clear dot1x statistics {slot/port | all}
Mode Privileged EXEC
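The fallback rule stated for aaa authentication dot1x default (an error moves on to the next method, an authentication failure does not) is modelled below, together with a check for method lists that end in none. This is an added example, not code from the manual or the switch software; the function names, the accept/reject/error labels and the deny-when-exhausted behaviour are assumptions, and the sample lines are constructed from the page's example.

```python
import re

KNOWN = {"ias", "local", "none", "radius"}  # methods listed on this page
LINE_RE = re.compile(r"aaa authentication dot1x default\s+(.+)$")

def parse_methods(line):
    """Return the ordered method list from a config line, or None for other commands."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    methods = m.group(1).split()
    bad = [x for x in methods if x not in KNOWN]
    if bad:
        raise ValueError(f"unknown method(s): {bad}")
    return methods

def evaluate(methods, outcomes):
    """Walk the list for one attempt; outcomes maps method -> accept/reject/error.
    Only an error moves on. Assumption: running out of methods denies access."""
    for method in methods:
        if method == "none":
            return ("accept", "none")      # no credential check is performed
        result = outcomes.get(method, "error")
        if result != "error":
            return (result, method)        # a reject is final; later methods are not tried
    return ("reject", None)

def audit(config_text):
    """Flag method lists in which errors fall through to unauthenticated access."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        methods = parse_methods(line)
        if methods and "none" in methods:
            before = methods[:methods.index("none")]
            why = f"after errors in: {', '.join(before)}" if before else "as first method"
            findings.append((n, f"none reached {why}"))
    return findings

# Constructed sample: the page's two example lines plus one list without 'none'.
SAMPLE = """(CN1610) (Config)#aaa authentication dot1x default ias none
(CN1610) (Config)#aaa authentication dot1x default ias local radius none
(CN1610) (Config)#aaa authentication dot1x default radius local"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(evaluate(["ias", "none"], {"ias": "reject"}))  # bad credentials: denied by ias
    print(evaluate(["ias", "none"], {"ias": "error"}))   # ias errors: admitted by none
```

With `ias none`, a wrong password is still rejected, but any condition that makes ias return an error admits the port without a credential check.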