Cisco Catalyst 4500 Series Software Configuration Manual page 1343
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 49
Configuring 802.1X Port-Based Authentication
To configure a port as a critical port and to enable the Inaccessible Authentication Bypass feature, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# dot1x critical
eapol
Step 3
[Catalyst 4900M, Catalyst 4948E, Catalyst
4948E-F, Catalyst 4948E-F, Supervisor Engine
6-E, and Supervisor Engine 6L-E] Cisco IOS
Release 12.2(50)SG and later
[Supervisor Engine 7-E, Supervisor Engine
7L-E, Supervisor Engine 8-E)]
Cisco IOS Release 15.0(1)X and later
Switch(config)# authentication
critical recovery delay msec
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config)# dot1x critical
recovery delay msec
Step 4
Switch(config)# interface
interface-id
Step 5
Switch(config-if)# switchport mode
access
or
Switch(config-if)# switchport mode
private-vlan host
Step 6
Switch(config-if)# dot1x pae
authenticator
Step 7
Switch(config-if)# authentication
port-control auto
Purpose
Enters global configuration mode.
(Optional) Configures whether to send an EAPOL-Success packet when
a port is critically authorized partway through an EAP exchange.
Note
The default is not to send EAPOL-Success packets when a port is
critically authorized partway through an EAP exchange. If there is no
ongoing EAP exchange at the time when a port is critically authorized,
EAPOL-Success packet is always sent out regardless of this option.
(Optional) Specifies a throttle rate for the reinitialization of critically
authorized ports when the RADIUS server becomes available. The default
throttle rate is 100 milliseconds. This means that 10 ports reinitialize per
second.
Specifies the port to be configured and enters interface configuration
mode.
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Specifies that the ports with a valid PVLAN trunk association become active
host PVLAN trunk ports.
Enables 802.1X authentication on the port with default parameters.
Refer to the
Enables 802.1X authentication on the interface.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Some supplicants require this.
"Default 802.1X Configuration" section on page
Configuring 802.1X Port-Based Authentication
49-27.
49-63
Advertisement
Chapters
Table of Contents
Troubleshooting
