Configuring 802.1X With Mac Authentication Bypass - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Configuring 802.1X Port-Based Authentication
This example shows how to enable the guest VLAN feature and to specify VLAN 5 as a guest VLAN:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# dot1x guest-vlan supplicant
Switch(config)# interface gigabitethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication event no-response action authorize vlan 5
Switch(config-if)# authentication port-control auto
Switch(config-if)# end
Switch#
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# dot1x guest-vlan supplicant
Switch(config)# interface gigabitethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x guest-vlan 5
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch#
Configuring 802.1X with MAC Authentication Bypass
To enable MAC Authentication Bypass (MAB), perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# interface
interface-id
Step 3
Switch(config-if)# switchport mode
access
or
Switch(config-if)# switchport mode
private-vlan host
Step 4
Switch(config-if)# dot1x pae
authenticator
Step 5
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
port-control auto
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x
port-control auto
Step 6
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# mab [eap]
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x
mac-auth-bypass [eap]
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
46-62
Chapter 46
Purpose
Enters global configuration mode.
Specifies the port to be configured, and enters interface configuration
mode.
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Specifies that the ports with a valid PVLAN trunk association become active
host PVLAN trunk ports.
Enables 802.1X authentication on the port with default parameters.
Refer to the
"Default 802.1X Configuration" section on page
Enables 802.1X authentication on the interface.
Enables MAB on a switch.
The eap option specifies that a complete EAP conversation should be
used, as opposed to standard RADIUS Access-Request, Access-Accept
conversation. By default, the eap option is not enabled for MAB.
Configuring 802.1X Port-Based Authentication
46-30.
OL_28731-01
Advertisement
Chapters
Table of Contents
Troubleshooting
