Configuring 802.1X Violation Modes; Configuring 802.1X Authentication - Cisco IE-3000-8TC Software Configuration Manual
Software configuration guide
Hide thumbs
Also See for IE-3000-8TC:
- Command reference manual (802 pages) ,
- Administration manual (496 pages) ,
- Message manual (98 pages)
Table of Contents
Advertisement
Configuring 802.1x Authentication
Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from
a new device when:
•
•
Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on
the switch:
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication dot1x {default}
method1
Step 4
interface interface-id
Step 5
switchport mode access
Step 6
authentication violation shutdown |
restrict | protect}
or
dot1x violation-mode {shutdown |
restrict | protect}
Step 7
end
Step 8
show authentication
or
show dot1x
Step 9
copy running-config startup-config
Configuring 802.1x Authentication
To configure 802.1x port-based authentication, you must enable authentication, authorization, and
accounting (AAA) and specify the authentication method list. A method list describes the sequence and
authentication method to be queried to authenticate a user.
To allow VLAN assignment, you must enable AAA authorization to configure the switch for all
network-related service requests.
Cisco IE 3000 Switch Software Configuration Guide
12-32
a device connects to an 802.1x-enable port
the maximum number of allowed about devices have been authenticated on the port
Purpose
Enter global configuration mode.
Enable AAA.
Create an 802.1x authentication method list.
To create a default list to use when a named list is not specified in the
authentication command, use the default keyword followed by the
method that is to be used in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Note
Specify the port connected to the client that is to be enabled for 802.1x
authentication, and enter interface configuration mode.
Set the port to access mode.
Configure the violation mode. The keywords have these meanings:
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Chapter 12
Though other keywords are visible in the command-line help
string, only the group radius keywords are supported.
•
shutdown–Error disable the port.
restrict–Generate a syslog error.
•
protect–Drop packets from any new device that sends traffic to the
•
port.
Configuring IEEE 802.1x Port-Based Authentication
OL-13018-03
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
