hit counter script

Cisco Catalyst 3560-X Software Configuration Manual page 332

Hide thumbs Also See for Catalyst 3560-X:
Table of Contents

Advertisement

Configuring 802.1x Authentication
Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on
the switch:
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication dot1x {default}
method1
Step 4
interface interface-id
Step 5
switchport mode access
Step 6
authentication violation {shutdown |
restrict | protect | replace}
Step 7
end
Step 8
show authentication
Step 9
copy running-config startup-config
Configuring 802.1x Authentication
To configure 802.1x port-based authentication, you must enable authentication, authorization, and
accounting (AAA) and specify the authentication method list. A method list describes the sequence and
authentication method to be queried to authenticate a user.
To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the
switch for all network-related service requests.
This is the 802.1x AAA process:
A user connects to a port on the switch.
Step 1
Authentication is performed.
Step 2
VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration.
Step 3
Step 4
The switch sends a start message to an accounting server.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-44
Chapter 1
Purpose
Enter global configuration mode.
Enable AAA.
Create an 802.1x authentication method list.
To create a default list that is used when a named list is not specified in
the authentication command, use the default keyword followed by the
method that is to be used in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Though other keywords are visible in the command-line help
Note
string, only the group radius keywords are supported.
Specify the port connected to the client that is to be enabled for
IEEE 802.1x authentication, and enter interface configuration mode.
Set the port to access mode.
Configure the violation mode. The keywords have these meanings:
shutdown–Error disable the port.
restrict–Generate a syslog error.
protect–Drop packets from any new device that sends traffic to the
port.
replace–Removes the current session and authenticates with the new
host.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring IEEE 802.1x Port-Based Authentication
OL-25303-03

Advertisement

Table of Contents
loading

This manual is also suitable for:

Catalyst 3750-x

Table of Contents