Cisco Catalyst 4500 series Administration Manual page 1218

Chapter 46
Configuring 802.1X Port-Based Authentication
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
46-80

Step 10
Command: Switch(config-if)# authentication event fail action next-method
Purpose: Specifies that the next configured authentication method be applied if authentication fails.

Step 11
Command (Cisco IOS Release 12.2(50)SG and later): Switch(config-if)# mab [eap]
Command (Cisco IOS Release 12.2(46)SG or earlier releases): Switch(config-if)# dot1x mac-auth-bypass [eap]
Purpose: Enables MAC authentication bypass. The optional eap keyword specifies that the EAP extension be used during RADIUS authentication.

Step 12
Command: Switch(config-if)# authentication fallback profile-name
Purpose: Enables web-based authentication using the specified profile.

Step 13
Command: Switch(config-if)# authentication violation [shutdown | restrict]
Purpose: (Optional) Configures the disposition of the port if a security violation occurs. The default action is to shut down the port. If the restrict keyword is configured, the port does not shut down, but trap entries are installed for the violating MAC address, and traffic from that MAC address is dropped.

Step 14
Command: Switch(config-if)# authentication timer inactivity {seconds | server}
Purpose: (Optional) Configures the inactivity timeout value for MAB and 802.1X. By default, inactivity aging is disabled for a port.
  seconds—Specifies inactivity timeout period. The range is from 1 to 65535 seconds.
  server—Specifies that the inactivity timeout period value be obtained from the authentication server.

Step 15
Command: Switch(config-if)# authentication timer restart seconds
Purpose: (Optional) Specifies a period after which the authentication process restarts in an attempt to authenticate an unauthorized port.
  seconds—Specifies the restart period. The range is from 1 to 65535 seconds.

Step 16
Command: Switch(config-if)# exit
Purpose: Returns to global configuration mode.

Step 17
Command: Switch(config)# ip device tracking
Purpose: Enables the IP device tracking table, which is required for web-based authentication.

Step 18
Command: Switch(config)# exit
Purpose: Returns to privileged EXEC mode.

Step 19
Command: Switch# show dot1x interface type slot/port
Purpose: Verifies your entries.

This example shows how to enable 802.1X fallback to MAB, and then to enable web-based authentication, on an 802.1X-enabled port:

Switch(config)# ip admission name rule1 proxy http
Switch(config)# fallback profile fallback1
Switch(config-fallback-profile)# ip access-group default-policy in
Switch(config-fallback-profile)# ip admission rule1
Switch(config-fallback-profile)# exit
Switch(config)# interface gigabit5/9
Switch(config-if)# switchport mode access
Switch(config-if)# authentication port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication order dot1x mab webauth
Switch(config-if)# mab eap
Switch(config-if)# authentication fallback fallback1
Switch(config-if)# exit
Switch(config)# ip device tracking
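
The following is an added example, not part of the Cisco guide: a Python audit over running-config-style text that checks the prerequisites this procedure sets for a port using web-based authentication as a fallback (a defined fallback profile with a defined ip admission rule, MAB enabled when it is in the order, and ip device tracking). The function names, the constructed sample text, and the assumption that child lines are indented under their parent line are assumptions of this example.

```python
# Added example: audits running-config-style text (format assumed) against this procedure.
SAMPLE = """\
ip admission name rule1 proxy http
fallback profile fallback1
 ip access-group default-policy in
 ip admission rule1
interface GigabitEthernet5/9
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 authentication order dot1x mab webauth
 mab eap
 authentication fallback fallback1
"""  # constructed: the page's example with "ip device tracking" left out

def parse(config):
    """Return (global lines, {parent line: [indented child lines]})."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(line)
        else:
            current = line
            top.append(line)
            blocks.setdefault(line, [])
    return top, blocks

def audit_webauth_fallback(config):
    """List what is missing on ports whose authentication order includes webauth."""
    top, blocks = parse(config)
    rules = {l.split()[3] for l in top if l.startswith("ip admission name ")}
    profiles = {h.split()[2]: b for h, b in blocks.items() if h.startswith("fallback profile ")}
    findings, webauth_ports = [], 0
    for head, body in blocks.items():
        order = next((l.split()[2:] for l in body if l.startswith("authentication order ")), [])
        if not head.startswith("interface ") or "webauth" not in order:
            continue
        webauth_ports += 1
        fb = next((l.split()[2] for l in body if l.startswith("authentication fallback ")), None)
        if fb not in profiles:
            findings.append(f"{head}: fallback profile {fb!r} missing or undefined")
        elif not any(l.startswith("ip admission ") and l.split()[2] in rules for l in profiles[fb]):
            findings.append(f"{head}: profile {fb!r} has no defined ip admission rule")
        if "mab" in order and not any(l.split()[0] == "mab" or l.startswith("dot1x mac-auth-bypass") for l in body):
            findings.append(f"{head}: mab in order but MAB not enabled")
    if webauth_ports and "ip device tracking" not in top:
        findings.append("global: ip device tracking not enabled (required for web-based authentication)")
    return findings
```
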
OL_28731-01
