Cisco Catalyst 3550 series Software Configuration Manual page 230
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Configuring 802.1X Authentication
Command
Step 3
aaa authentication dot1x {default}
method1 [method2...]
Step 4
dot1x system-auth-control
Step 5
aaa authorization network {default}
group radius
Step 6
interface interface-id
Step 7
dot1x port-control auto
Step 8
end
Step 9
show dot1x
Step 10
copy running-config startup-config
To disable AAA, use the no aaa new-model global configuration command. To disable 802.1X AAA
authentication, use the no aaa authentication dot1x {default | list-name} global configuration
command. To disable 802.1X AAA authorization, use the no aaa authorization global configuration
command. To disable 802.1X authentication on the switch, use the no dot1x system-auth-control global
configuration command.
This example shows how to enable AAA and 802.1X on Fast Ethernet port 0/1:
Switch# configure terminal
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# dot1x system-auth-control
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Catalyst 3550 Multilayer Switch Software Configuration Guide
9-12
Purpose
Create an 802.1X authentication method list.
To create a default list that is used when a named list is not specified in
the authentication command, use the default keyword followed by the
methods that are to be used in default situations. The default method list
is automatically applied to all interfaces.
Enter at least one of these keywords:
group radius—Use the list of all RADIUS servers for authentication.
•
•
none—Use no authentication. The client is automatically
authenticated by the switch without using the information supplied by
the client.
Enable 802.1X authentication globally on the switch.
(Optional) Configure the switch for user RADIUS authorization for all
network-related service requests, such as per-user ACLs or VLAN
assignment.
Note
To configure per-user ACLs, single-host mode must be enabled.
This setting is the default.
Enter interface configuration mode, and specify the interface connected to
the client to be enabled for 802.1X authentication.
Enable 802.1X authentication on the interface.
For feature interaction information, see the
Guidelines" section on page
Return to privileged EXEC mode.
Verify your entries.
Check the Status column in the 802.1X Port Summary section of the
display. An enabled status means the port-control value is set either to
auto or to force-unauthorized.
(Optional) Save your entries in the configuration file.
Chapter 9
Configuring 802.1X Port-Based Authentication
"802.1X Configuration
9-10.
78-11194-09
Advertisement
Table of Contents
Troubleshooting
