Chapter 49
Configuring 802.1X Port-Based Authentication
Cisco IOS Release 12.2(46) or earlier
Switch# configure terminal
Switch(config)# interface f7/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x timeout reauth-attempts server
Switch(config-if)# end
Switch# show dot1x interface f7/1 det
Dot1x Info for FastEthernet7/11
-----------------------------------
PAE
PortControl
ControlDirection
HostMode
ReAuthentication
QuietPeriod
ServerTimeout
SuppTimeout
ReAuthPeriod
ReAuthMax
MaxReq
TxPeriod
RateLimitPeriod
Dot1x Authenticator Client List Empty
Port Status
Switch#
Configuring MAC Move
MAC move allows an authenticated host to move from one switch port to another.
Note
You should remove port security before configuring MAC move.
To globally enable MAC move on the switch, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# authentication
mac-move permit
Step 3
Switch(config-if)# end
Step 4
Switch# show run
Step 5
Switch # copy running-config
startup-config
This example shows how to globally enable MAC move on a switch:
Switch# configure terminal
Switch(config)# authentication mac-move permit
= AUTHENTICATOR
= FORCE_AUTHORIZED
= Both
= SINGLE_HOST
= Disabled
= 60
= 30
= 30
= (From Authentication Server)
= 2
= 2
= 30
= 0
= AUTHORIZED
Purpose
Enters global configuration mode.
Enable MAC move globally.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Configuring 802.1X Port-Based Authentication
49-55