Cisco Catalyst 4500 Series Software Configuration Manual page 1339
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 49
Configuring 802.1X Port-Based Authentication
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x guest-vlan 50
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch#
This example shows how to enable a secondary PVLAN 100 as a guest VLAN on a PVLAN host port:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# interface fa4/3
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication event no-response action authorize vlan 100
Switch(config-if)# end
Switch#
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface fa4/3
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x guest-vlan 100
Switch(config-if)# end
Switch#
To allow supplicants into a guest VLAN on a switch, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch# dot1x guest-vlan supplicant
Step 3
Switch(config)# interface
interface-id
Step 4
Switch(config-if)# switchport mode
access
or
Switch(config-if)# switchport mode
private-vlan host
Step 5
Switch(config-if)# dot1x pae
authenticator
Step 6
Switch(config-if)# dot1x guest-vlan
vlan-id
Purpose
Enters global configuration mode.
(Optional) Enables supplicants to be allowed into the guest VLANs
globally on the switch.
Note
To disable the supplicant guest VLAN feature on a switch, use the
no dot1x guest-vlan supplicant global configuration command.
Enters interface configuration mode and specifies the interface to be
enabled for 802.1X authentication.
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Specifies that the ports with a valid PVLAN trunk association become active
host PVLAN trunk ports.
Enables 802.1X authentication on the port with default parameters.
Refer to the
Specifies an active VLAN as an 802.1X guest VLAN. The range is 1 to
4094.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Although not visible in the CLI for
Cisco IOS Release 12.3(31)SG, legacy configurations that
include the dot1x guest-vlan supplicant command still work. We
do not recommend that you use this command. However, because
the authentication failed VLAN option makes it unnecessary.
"Default 802.1X Configuration" section on page
Configuring 802.1X Port-Based Authentication
49-27.
49-59
Advertisement
Chapters
Table of Contents
Troubleshooting
