Cisco Catalyst 2960 Software Configuration Manual page 312
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Configuring 802.1x Authentication
Re-authentication is performed, as necessary.
Step 5
The switch sends an interim accounting update to the accounting server, that is based on the result of
Step 6
re-authentication.
The user disconnects from the port.
Step 7
The switch sends a stop message to the accounting server.
Step 8
Beginning in privileged EXEC mode, follow these steps to configure 802.1x port-based authentication:
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication dot1x {default}
method1
Step 4
dot1x system-auth-control
Step 5
aaa authorization network {default}
group radius
Step 6
radius-server host ip-address
Step 7
radius-server key string
Step 8
interface interface-id
Step 9
switchport mode access
Step 10
authentication port-control auto
Step 11
dot1x pae authenticator
Step 12
end
Step 13
show authentication
Step 14
copy running-config startup-config
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
10-44
Chapter 10
Purpose
Enter global configuration mode.
Enable AAA.
Create an 802.1x authentication method list.
To create a default list to use when a named list is not specified in the
authentication command, use the default keyword followed by the
method to use in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Though other keywords are visible in the command-line help
Note
string, only the group radius keywords are supported.
Enable 802.1x authentication globally on the switch.
(Optional) Configure the switch to use user-RADIUS authorization for all
network-related service requests, such as VLAN assignment.
(Optional) Specify the IP address of the RADIUS server.
(Optional) Specify the authentication and encryption key used between
the switch and the RADIUS daemon running on the RADIUS server.
Specify the port connected to the client to enable for 802.1x
authentication, and enter interface configuration mode.
(Optional) Set the port to access mode only if you configured the RADIUS
server in Step 6 and Step 7.
Enable 802.1x authentication on the port.
For feature interaction information, see the
Configuration Guidelines" section on page
Set the interface Port Access Entity to act only as an authenticator and
ignore messages meant for a supplicant.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring IEEE 802.1x Port-Based Authentication
"802.1x Authentication
10-38.
OL-26520-01
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
