Disabling 802.1X Authentication For The Dhcp Relay Agent; Adding Hosts To An 802.1X Guest Vlan - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Hide thumbs Also See for WS-C6506:

Manual (110 pages)

Installation manual (336 pages)

Table of Contents

Configuring 802.1X Authentication on the Switch

Disabling 802.1X Authentication for the DHCP Relay Agent

To disable the DCHP Relay Agent from sending the 802.1X parameters for a particular VLAN to the DHCP

server, perform this task in privileged mode:

Disable 802.1X authentication for the DHCP

Relay Agent.

Verify the 802.1X configuration.

This example shows how to configure the DHCP Relay Agent to stop sending the 802.1X authentication

parameters for VLANs 1–3 and 20 and verify the configuration:

Console> (enable) clear security acl map dhcp_relay 1-3,20

Successfully cleared mapping between ACL dhcp_relay and VLAN 1.

Successfully cleared mapping between ACL dhcp_relay and VLAN 2.

Successfully cleared mapping between ACL dhcp_relay and VLAN 3.

Successfully cleared mapping between ACL dhcp_relay and VLAN 20.

Typically, the guest VLANs support minimal services and provide minimal network access. The hosts

can be added to the guest VLAN only when the set port dot1x mod/port port-control auto command

option is used. If you change the set port dot1x mod/port port-control command option from auto to

force-authorized or force-unauthorized, the host is removed from the guest VLAN and added back to

the port VLAN.

To add a port to an 802.1X guest VLAN, perform this task in privileged mode:

Configure an active VLAN as an 802.1X guest

Verify the per-port 802.1X guest VLAN

configuration.

This example shows how to add port 3/1 to 802.1X guest VLAN 200:

Console> (enable) set port dot1x 3/1 guest-vlan 200

Port 3/1 is Multiple-authentication enabled, guest-vlan can not be enabled

Console> (enable) set port dot1x 3/1 multiple-authentication disable

Port 3/1 Multiple-authentication option disabled

Console> (enable) set port dot1x 3/1 guest-vlan 200

Port 3/1 Guest Vlan is set to 200

Console> (enable) show port dot1x guest-vlan

------------- -------- ------------------

Console> (enable)

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

2/1-2,3/2-48,8/1-8

Configuring 802.1X Authentication

clear security acl map dhcp_relay vlan_ID

set port dot1x mod/port guest-vlan {vlan | none}

show port dot1x guest-vlan

Show Quick Links

Table of Contents

Troubleshooting

Catalyst 6506 Catalyst 6509 Catalyst 6513

Disabling 802.1X Authentication For The Dhcp Relay Agent; Adding Hosts To An 802.1X Guest Vlan - Cisco WS-C6506 Software Manual

Disabling 802.1X Authentication for the DHCP Relay Agent

Adding Hosts to an 802.1X Guest VLAN

Hide quick links:

Troubleshooting

Related Manuals for Cisco WS-C6506

Related Content for Cisco WS-C6506

This manual is also suitable for:

Table of Contents