Configuring 802.1X Authentication - Cisco Catalyst 2960-XR Security Configuration Manual

Configuring 802.1x Authentication

Command or Action
Step 6
authentication violation {shutdown | restrict
| protect | replace}
Example:
Switch(config-if)# authentication
violation restrict
Step 7 end
Example:
Switch(config-if)# end
Configuring 802.1x Authentication
To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the switch
for all network-related service requests.
This is the 802.1x AAA process:
Before You Begin
To configure 802.1x port-based authentication, you must enable authentication, authorization, and accounting
(AAA) and specify the authentication method list. A method list describes the sequence and authentication
method to be queried to authenticate a user.
SUMMARY STEPS
1. A user connects to a port on the switch.
2. Authentication is performed.
3. VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
4. The switch sends a start message to an accounting server.
5. Re-authentication is performed, as necessary.
6. The switch sends an interim accounting update to the accounting server that is based on the result of
re-authentication.
7. The user disconnects from the port.
8. The switch sends a stop message to the accounting server.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
252
Configuring IEEE 802.1x Port-Based Authentication
Purpose
Configures the violation mode. The keywords have these meanings:
• shutdown–Error disable the port.
• restrict–Generate a syslog error.
• protect–Drop packets from any new device that sends traffic
to the port.
• replace–Removes the current session and authenticates with
the new host.
Returns to privileged EXEC mode.
OL-29434-01