Cisco Catalyst 4500 Series Software Configuration Manual page 1338
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Configuring 802.1X Port-Based Authentication
Except for an RSPAN VLAN or a voice VLAN, you can configure any active VLAN as an 802.1X guest
Note
VLAN.
To configure 802.1X with guest VLAN on a port, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# interface
interface-id
Step 3
Switch(config-if)# switchport mode
access
or
Switch(config-if)# switchport mode
private-vlan host
Step 4
Switch(config-if)# dot1x pae
authenticator
Step 5
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
event no-response action authorize
vlan vlan-id
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x guest-vlan
vlan-id
Step 6
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
port-control auto
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x
port-control auto
Step 7
Switch(config-if)# end
Step 8
Switch(config)# end
This example shows how to enable regular VLAN 50 on Fast Ethernet 4/3 as a guest VLAN on a static access port:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# interface fa4/3
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication event no-response action authorize vlan 50
Switch(config-if)# authentication port-control auto
Switch(config-if)# end
Switch#
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface fa4/3
Switch(config-if)# switchport mode access
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
49-58
Chapter 49
Purpose
Enters global configuration mode.
Enters interface configuration mode and specifies the interface to be
enabled for 802.1X authentication.
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Specifies that the ports with a valid PVLAN trunk association become active
host PVLAN trunk ports.
Enables 802.1X authentication on the port with default parameters.
Refer to the
"Default 802.1X Configuration" section on page
Enables a guest VLAN on a particular interface.
To disable the guest VLAN feature on a particular port, use the
no authentication event no-response action authorize vlan interface
configuration command (for earlier releases, use the no dot1x guest-vlan
interface configuration command).
Enables 802.1X authentication on the interface.
Returns to configuration mode.
Returns to privileged EXEC mode.
Configuring 802.1X Port-Based Authentication
49-27.
Advertisement
Chapters
Table of Contents
Troubleshooting
