Cisco Catalyst 2960-XR Security Configuration Manual page 276

Configuring 802.1x Port-Based Authentication
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2
aaa new-model
Example:
Switch(config)# aaa new-model
Step 3 aaa authentication dot1x {default} method1
Example:
Switch(config)# aaa authentication dot1x
default group radius
Step 4
dot1x system-auth-control
Example:
Switch(config)# dot1x system-auth-control
Step 5 aaa authorization network {default} group
radius
Example:
Switch(config)# aaa authorization network
default group radius
Step 6
radius-server host ip-address
Example:
Switch(config)# radius-server host
124.2.2.12
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
254
Configuring IEEE 802.1x Port-Based Authentication
Purpose
Enters the global configuration mode.
Enables AAA.
Creates an 802.1x authentication method list.
To create a default list that is used when a named list is not
specified in the authentication command, use the default keyword
followed by the method that is to be used in default situations.
The default method list is automatically applied to all ports.
For method1, enter the group radius keywords to use the list of
all RADIUS servers for authentication.
Though other keywords are visible in the command-line
Note
help string, only the group radius keywords are
supported.
Enables 802.1x authentication globally on the switch.
(Optional) Configures the switch to use user-RADIUS
authorization for all network-related service requests, such as
per-user ACLs or VLAN assignment.
For per-user ACLs, single-host mode must be configured.
Note
This setting is the default.
(Optional) Specifies the IP address of the RADIUS server.
OL-29434-01