dot1x
dot1x
Use the dot1x global configuration command to globally enable IEEE 802.1x. Use the no form of this
command to return to the default setting.
Syntax Description
system-auth-control
guest-vlan supplicant
Defaults
IEEE 802.1x is disabled, and the optional guest VLAN behavior is disabled.
Command Modes
Global configuration
Command History
Release
12.2(25)FX
Usage Guidelines
You must enable authentication, authorization, and accounting (AAA) and specify the authentication
method list before globally enabling IEEE 802.1x. A method list describes the sequence and
authentication methods to be used to authenticate a user.
Before globally enabling IEEE 802.1x on a switch, remove the EtherChannel configuration from the
interfaces on which IEEE 802.1x and EtherChannel are configured.
If you are using a device running the Cisco Access Control Server (ACS) application for IEEE 802.1x
authentication with EAP-Transparent LAN Services (TLS) and with EAP-MD5, make sure that the
device is running ACS Version 3.2.1 or later.
You can use the guest-vlan supplicant keywords to enable the optional IEEE 802.1x guest VLAN
behavior globally on the switch. For more information, see the
Examples
This example shows how to globally enable IEEE 802.1x on a switch:
Switch(config)# dot1x system-auth-control
This example shows how to globally enable the optional guest VLAN behavior on a switch:
Switch(config)# dot1x guest-vlan supplicant
You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC
command.
Catalyst 2960 Switch Command Reference
2-62
dot1x {system-auth-control} | {guest-vlan supplicant}
no dot1x {system-auth-control} | {guest-vlan supplicant}
Enable IEEE 802.1x globally on the switch.
Enable optional guest VLAN behavior globally on the switch.
Modification
This command was introduced.
Chapter 2
Catalyst 2960 Switch Cisco IOS Commands
dot1x guest-vlan
command.
78-16882-01