Cisco Catalyst 4500 Series Software Configuration Manual page 1359
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 49
Configuring 802.1X Port-Based Authentication
Command
Step 15
Switch(config-if)# authentication timer restart
seconds
Step 16
Switch(config-if)# exit
Step 17
Switch(config)# ip device tracking
Step 18
Switch(config)# exit
Step 19
Switch# show dot1x interface type slot/port
This example shows how to enable 802.1X fallback to MAB, and then to enable web-based authentication, on an
802.1X-enabled port:
Switch(config)# ip admission name rule1 proxy http
Switch(config)# fallback profile fallback1
Switch(config-fallback-profile)# ip access-group default-policy in
Switch(config-fallback-profile)# ip admission rule1
Switch(config-fallback-profile)# exit
Switch(config)# interface gigabit5/9
Switch(config-if)# switchport mode access
Switch(config-if)# authentication port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication order dot1x mab webauth
Switch(config-if)# mab eap
Switch(config-if)# authentication fallback fallback1
Switch(config-if)# exit
Switch(config)# ip device tracking
Switch(config)# exit
To determine if a host was authenticated using 802.1X when fallback authentication is configured on the port, enter the
following commands:
Switch# show authentication sessions interface g7/2
Interface:
MAC Address:
IP Address:
User-Name:
Status:
Domain:
Oper host mode:
Oper control dir:
Authorized By:
Vlan Policy:
Session timeout:
Idle timeout:
Common Session ID:
Acct Session ID:
Handle:
Runnable methods list:
Method
State
dot1x
Authc Success
mab
Not run
Switch# show dot1x interfaces g7/2 detail
GigabitEthernet7/2
0060.b057.4687
Unknown
test2
Authz Success
DATA
multi-auth
both
Authentication Server
N/A
N/A
N/A
C0A8013F0000000901BAB560
0x0000000B
0xE8000009
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Configuring 802.1X Port-Based Authentication
Purpose
(Optional) Specifies a period after which the
authentication process restarts in an attempt to
authenticate an unauthorized port.
seconds—Specifies the restart period. The range is
•
from 1 to 65535 seconds.
Returns to global configuration mode.
Enables the IP device tracking table, which is required for
web-based authentication.
Returns to privileged EXEC mode.
Verifies your entries.
49-79
Advertisement
Chapters
Table of Contents
Troubleshooting
