Table of Contents
Advertisement
Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring an Authenticator and Supplicant
You can also use an Auto Smartports user-defined macro instead of the switch VSA to configure the authenticator switch.
For information,
seeConfiguring Smartports Macros, page
Configuring an Authenticator
Before You Begin
One switch outside a wiring closet must be configured as a supplicant and be connected to an authenticator switch.
Note:
The cisco-av-pairs must be configured as device-traffic-class=switch on the ACS, which sets the interface as a
trunk after the supplicant is successfully authenticated.
Command
1.
configure terminal
2.
cisp enable
3.
interface interface-id
4.
switchport mode access
5.
authentication port-control auto
6.
dot1x pae authenticator
7.
spanning-tree portfast
8.
end
9.
show running-config interface
interface-id
10.
copy running-config startup-config
Configuring a Supplicant Switch with NEAT
Command
1.
configure terminal
2.
cisp enable
3.
dot1x credentials profile
4.
username suppswitch
5.
password password
6.
dot1x supplicant force-multicast
7.
interface interface-id
8.
switchport mode trunk
9.
dot1x pae supplicant
10.
dot1x credentials profile-name
257.
Purpose
Enters global configuration mode.
Enables CISP.
Specifies the port to be configured, and enters interface configuration
mode.
Sets the port mode to access.
Sets the port-authentication mode to auto.
Configures the interface as a port access entity (PAE) authenticator.
Enables Port Fast on an access port connected to a single workstation
or server.
Returns to privileged EXEC mode.
Verifies your configuration.
(Optional) Saves your entries in the configuration file.
Purpose
Enters global configuration mode.
Enables CISP.
Creates 802.1x credentials profile. This must be attached to the port
that is configured as supplicant.
Creates a username.
Creates a password for the new username.
Forces the switch to send only multicast EAPOL packets when it
receives either unicast or multicast packets.
This also allows NEAT to work on the supplicant switch in all host
modes.
Specifies the port to be configured, and enters interface configuration
mode.
Configures the interface as a VLAN trunk port.
Configures the interface as a port access entity (PAE) supplicant.
Attaches the 802.1x credentials profile to the interface.
230
- Quick Links:
- Configuration Overview
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
