Configuring 802.1X Port-Based Authentication
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface gigabitethernet3/3
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x mac-auth-bypass
Switch(config-if)# end
Switch# show dot1x int g3/3 details
Dot1x Info for GigabitEthernet3/3
-----------------------------------
PAE
PortControl
ControlDirection
HostMode
ReAuthentication
QuietPeriod
ServerTimeout
SuppTimeout
ReAuthPeriod
ReAuthMax
MaxReq
TxPeriod
RateLimitPeriod
Mac-Auth-Bypass
Dot1x Authenticator Client List
-------------------------------
Supplicant
Auth SM State
= AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status
Authentication Method
Authorized By
Vlan Policy
Switch#
Configuring 802.1X with Inaccessible Authentication Bypass
You must configure the switch to monitor the state of the RADIUS server as described in the section
Caution
Configuring Switch-to-RADIUS-Server Communication, page 49-32
Bypass to work properly. Specifically, you must configure the RADIUS test username, idle-time,
deadtime and dead-criteria. Failure to do so results in the switch failing to detect that the RADIUS server
has gone down, or prematurely marking a dead RADIUS server as alive again.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
49-62
= AUTHENTICATOR
= AUTO
= Both
= SINGLE_HOST
= Disabled
= 60
= 30
= 30
= 3600 (Locally configured)
= 2
= 2
= 1
= 0
= Enabled
= 0000.0000.0001
= AUTHORIZED
= MAB
= Authentication Server
= N/A
Chapter 49
Configuring 802.1X Port-Based Authentication
for Inaccessible Authentication