Basic EAC Configuration Sequence
Basic EAC Configuration Sequence
1.
2.
3.
4.
802.1X Authentication Configuration
The following example shows the basic 802.1x configuration on a Gigabit Ethernet port:
Router(config)# dot1x system-auth-control
Router(config)# interface GigabitEthernet2/1
Router(config-if)# authentication port-control auto
Router(config-if)# dot1x pae authenticator
For additional information on configuring 802.1x authentication, see the configuration guide for your
access switch.
Verifying the 802.1X Configuration
To verify 802.1X authentication configuration, use the show authentication interface command.
Router# show authentication interface gigabitEthernet 2/1
*May
Client list:
Interface
Gi2/1
Available methods list:
Handle
Runnable methods list:
Handle
And to verify the port has successfully authenticated:
Router# show dot1x interface gigabitEthernet 2/1 details
Dot1x Info for GigabitEthernet2/1
-----------------------------------
PAE
PortControl
ControlDirection
HostMode
QuietPeriod
ServerTimeout
SuppTimeout
ReAuthMax
MaxReq
TxPeriod
Dot1x Authenticator Client List
Cisco TrustSec Configuration Guide
6-2
Configure the Cisco Secure ACS to provision SGTs to authenticated endpoint hosts.
Enable SXP on access switches. See the chapter,
(SXP) and Layer 3 Transport."
Enable any combination of 802.1X, MAB, or WebAuth authentication methods on the access switch.
Enable DHCP and IP device tracking on access switches.
7 11:22:06: %SYS-5-CONFIG_I: Configured from console by console
MAC Address
000c.293a.048e
Priority
Name
3
0
dot1x
Priority
Name
3
1
dot1x
= AUTHENTICATOR
= AUTO
= Both
= SINGLE_HOST
= 60
= 30
= 30
= 2
= 2
= 30
"Configuring SGT Exchange Protocol over TCP
Domain
Status
DATA
Authz Success
Chapter 6
Configuring Endpoint Admission Control
Session ID
AC1AD01F0000000904BBECD8
OL-22192-01