Cisco Catalyst 4500 Series Software Configuration Manual page 1358

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 49: Configuring 802.1X Port-Based Authentication
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex, page 49-78

Step 3
  Command: Switch(config-fallback-profile)# ip access-group rule-name in
  Purpose: Specifies the default ACL to apply to network traffic before web-based authentication.

Step 4
  Command: Switch(config-fallback-profile)# ip admission name rule-name
  Purpose: Associates an IP admission rule with the profile and specifies that a client connecting by web-based authentication uses this rule.

Step 5
  Command: Switch(config-fallback-profile)# exit
  Purpose: Returns to global configuration mode.

Step 6
  Command: Switch(config)# interface type slot/port
  Purpose: Specifies the port to be configured and enters interface configuration mode.
    type = fastethernet, gigabitethernet, or tengigabitethernet

Step 7
  Command (Cisco IOS Release 12.2(50)SG and later): Switch(config-if)# authentication port-control auto
  Command (Cisco IOS Release 12.2(46)SG or earlier releases): Switch(config-if)# dot1x port-control auto
  Purpose: Enables authentication on the port.

Step 8
  Command: Switch(config-if)# authentication order method1 [method2] [method3]
  Purpose: (Optional) Specifies the fallback order of authentication methods to be used. The three values of method, in the default order, are dot1x, mab, and webauth. The specified order also determines the relative priority of the methods for reauthentication (highest to lowest).

Step 9
  Command: Switch(config-if)# authentication priority method1 [method2] [method3]
  Purpose: (Optional) Overrides the relative priority of authentication methods to be used. The three values of method, in the default order of priority, are dot1x, mab, and webauth.

Step 10
  Command: Switch(config-if)# authentication event fail action next-method
  Purpose: Specifies that the next configured authentication method be applied if authentication fails.

Step 11
  Command (Cisco IOS Release 12.2(50)SG and later): Switch(config-if)# mab [eap]
  Command (Cisco IOS Release 12.2(46)SG or earlier releases): Switch(config-if)# dot1x mac-auth-bypass [eap]
  Purpose: Enables MAC authentication bypass. The optional eap keyword specifies that the EAP extension be used during RADIUS authentication.

Step 12
  Command: Switch(config-if)# authentication fallback profile-name
  Purpose: Enables web-based authentication using the specified profile.

Step 13
  Command: Switch(config-if)# authentication violation [shutdown | restrict]
  Purpose: (Optional) Configures the disposition of the port if a security violation occurs. The default action is to shut down the port. If the restrict keyword is configured, the port does not shut down, but trap entries are installed for the violating MAC address, and traffic from that MAC address is dropped.

Step 14
  Command: Switch(config-if)# authentication timer inactivity {seconds | server}
  Purpose: (Optional) Configures the inactivity timeout value for MAB and 802.1X. By default, inactivity aging is disabled for a port.
    seconds—Specifies inactivity timeout period. The range is from 1 to 65535 seconds.
    server—Specifies that the inactivity timeout period value be obtained from the authentication server.
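An offline check of a saved configuration against steps 3, 4, 7, 10 and 12 above. This is an added example, not part of the Cisco guide. The sample configuration is constructed, all names in it are placeholders, and the `fallback profile <name>` header line is an assumption because the step that creates the profile is not shown on this page.

```python
# Constructed sample config (not from the manual); every name is a placeholder.
# Assumption: a profile starts with a "fallback profile <name>" line.
SAMPLE = """\
fallback profile WEB-FALLBACK
 ip access-group PRE-AUTH-ACL in
!
interface GigabitEthernet1/1
 authentication port-control auto
 authentication event fail action next-method
 authentication fallback WEB-FALLBACK
!
interface GigabitEthernet1/2
 dot1x port-control auto
 authentication fallback GUEST-FALLBACK
"""
# Commands a fallback profile should contain, matched by prefix only.
PROFILE_STEPS = (("ip access-group ", "default ACL (step 3)"),
                 ("ip admission ", "IP admission rule (step 4)"))

def stanzas(text):
    """Map each top-level config line to the indented commands under it."""
    out, cur = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and cur:
            out[cur].append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = line.strip()
            out[cur] = []
    return out

def audit(text):
    """Return {interface: [findings]} for ports using 'authentication fallback'."""
    cfg = stanzas(text)
    profiles = {h.split()[2]: c for h, c in cfg.items() if h.startswith("fallback profile ")}
    report = {}
    for hdr, cmds in cfg.items():
        fb = [c.split()[2] for c in cmds if c.startswith("authentication fallback ")]
        if not hdr.startswith("interface ") or not fb:
            continue
        found, prof = [], profiles.get(fb[0])
        if prof is None:
            found.append(f"fallback profile {fb[0]} is not defined")
        for prefix, what in (PROFILE_STEPS if prof is not None else ()):
            if not any(c.startswith(prefix) for c in prof):
                found.append(f"profile {fb[0]} lacks {what}")
        # Accept both the newer and the older port-control syntax (step 7).
        if not any(c.endswith("port-control auto") for c in cmds):
            found.append("authentication not enabled on port (step 7)")
        if "authentication event fail action next-method" not in cmds:
            found.append("no next-method action on failure (step 10)")
        report[hdr.split()[1]] = found
    return report
```

Calling `audit(SAMPLE)` returns one list of findings per interface that references a fallback profile; an empty list means every checked step is present.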