Enabling 802.1X Authentication for the DHCP Relay Agent - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Chapter 40
Configuring 802.1X Authentication

Enabling 802.1X Authentication for the DHCP Relay Agent

To enable the DHCP Relay Agent to send 802.1X parameters for a particular VLAN to the DHCP server,
perform this task in privileged mode:

Note: The management VLAN (the VLAN that is configured on the sc0 or sc1 interfaces) cannot be mapped
to an ACL that has a dot1x-dhcp ACE. You cannot use the clear config interface command when
VLAN 1 or VLAN 2 is mapped to an ACL that has a dot1x-dhcp ACE.

Step 1
Task: Enable 802.1X authentication for the DHCP Relay Agent.
Command: set security acl ip acl_name permit dot1x-dhcp
Note: This command creates an ACE entry with the given ACL name. The ACL can have other ACE entries
but DHCP ACE entries are given priority.

Step 2
Task: Verify the 802.1X configuration.
Command: show dot1x

This example shows how to create an ACL entry for the 802.1X DHCP relay traffic:
Console> (enable) set security acl ip dhcp_relay permit dot1x_dhcp
Successfully configured Dot1x Dhcp ACL for dhcp_relay. Use 'commit' command to save
changes

This example shows how to configure the existing ACL to also allow traffic other than DHCP:
Console> (enable) set security acl ip dhcp_relay permit any
dhcp_relay editbuffer modified. Use 'commit' command to apply changes.
console> (enable)

This example shows how to commit the ACE to NVRAM:
Console> (enable) commit security acl dhcp_relay
Commit operation in progress
ACL 'dhcp_relay' successfully committed.

This example shows how to map the dhcp_relay ACL to the VLANs where it should apply:
Console> (enable) set security acl map dhcp_relay 1-3,20
Mapping in progress...
ACL dhcp_relay successfully mapped to VLAN 1.
ACL dhcp_relay successfully mapped to VLAN 2.
ACL dhcp_relay successfully mapped to VLAN 3.
ACL dhcp_relay successfully mapped to VLAN 20.

The DHCP Relay Agent Information field is added to the DHCP packet that is forwarded from the client
to the server. On VLANs that are not mapped to the dhcp_relay ACL, all DHCP packets are switched
as usual without any modifications.

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Configuring 802.1X Authentication on the Switch
OL-8978-04
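
The following Python script is an added example, not part of the Cisco guide. It checks a planned VLAN list against the management-VLAN restriction in the note above and confirms that every VLAN requested in a set security acl map command was acknowledged in the switch output. The function names and the sc0 VLAN value are assumptions; the transcript reproduces the mapping example from this page.

```python
import re

# Mapping transcript in the format shown on this page (reproduced as sample input).
SAMPLE_OUTPUT = """\
Console> (enable) set security acl map dhcp_relay 1-3,20
Mapping in progress...
ACL dhcp_relay successfully mapped to VLAN 1.
ACL dhcp_relay successfully mapped to VLAN 2.
ACL dhcp_relay successfully mapped to VLAN 3.
ACL dhcp_relay successfully mapped to VLAN 20.
"""
MAP_CMD = re.compile(r"set security acl map (\S+) (\S+)")
MAPPED = re.compile(r"ACL (\S+) successfully mapped to VLAN (\d+)\.")

def expand_vlans(spec):
    """Expand a VLAN list such as '1-3,20' into a sorted list of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return sorted(vlans)

def precheck(spec, mgmt_vlans):
    """Return requested VLANs that are management VLANs (sc0/sc1); per the
    note, these cannot be mapped to an ACL that has a dot1x-dhcp ACE."""
    mgmt = set(mgmt_vlans)
    return [v for v in expand_vlans(spec) if v in mgmt]

def audit_mapping(transcript):
    """Compare VLANs requested in the map command with those the switch confirmed."""
    cmd = MAP_CMD.search(transcript)
    if cmd is None:
        raise ValueError("no 'set security acl map' command in transcript")
    acl, spec = cmd.groups()
    requested = set(expand_vlans(spec))
    confirmed = {int(v) for a, v in MAPPED.findall(transcript) if a == acl}
    return {"acl": acl, "confirmed": sorted(confirmed & requested),
            "missing": sorted(requested - confirmed),
            "unexpected": sorted(confirmed - requested)}

if __name__ == "__main__":
    # sc0 VLAN 2 is a constructed value used only to show a conflict being flagged.
    print("management VLAN conflicts:", precheck("1-3,20", mgmt_vlans=[2]))
    print(audit_mapping(SAMPLE_OUTPUT))
```

Run precheck before issuing the map command, and audit_mapping on the captured session afterwards; a non-empty "missing" list means a requested VLAN was never confirmed as mapped.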


This manual is also suitable for:

Catalyst 6506, Catalyst 6509, Catalyst 6513
