Cisco WS-CBS3032-DEL Software Configuration Manual page 287

Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
This is the 802.1x AAA process:
A user connects to a port on the switch.
Step 1
Authentication is performed.
Step 2
VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
Step 3
Step 4 The switch sends a start message to an accounting server.
Step 5 Re-authentication is performed, as necessary.
Step 6 The switch sends an interim accounting update to the accounting server that is based on the result of
re-authentication.
Step 7 The user disconnects from the port.
Step 8 The switch sends a stop message to the accounting server.
Beginning in privileged EXEC mode, follow these steps to configure 802.1x port-based authentication:
Command
Step 1
configure terminal
Step 2 aaa new-model
Step 3 aaa authentication dot1x {default}
method1
Step 4
dot1x system-auth-control
Step 5 aaa authorization network {default}
group radius
Step 6 radius-server host ip-address
Step 7 radius-server key string
Step 8 interface interface-id
Step 9 switchport mode access
OL-13270-06
Purpose
Enter global configuration mode.
Enable AAA.
Create an 802.1x authentication method list.
To create a default list that is used when a named list is not specified in
the authentication command, use the default keyword followed by the
method that is to be used in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Note Though other keywords are visible in the command-line help
string, only the group radius keywords are supported.
Enable 802.1x authentication globally on the switch.
(Optional) Configure the switch to use user-RADIUS authorization for all
network-related service requests, such as per-user ACLs or VLAN
assignment.
For per-user ACLs, single-host mode must be configured. This
Note
setting is the default.
(Optional) Specify the IP address of the RADIUS server.
(Optional) Specify the authentication and encryption key used between
the switch and the RADIUS daemon running on the RADIUS server.
Specify the port connected to the client that is to be enabled for
IEEE 802.1x authentication, and enter interface configuration mode.
(Optional) Set the port to access mode only if you configured the RADIUS
server in Step 6 and Step 7.
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
Configuring 802.1x Authentication
9-39