Configuring IEEE 802.1x Authentication
Enabling IEEE 802.1x Authentication
To enable IEEE 802.1x port-based authentication, you must enable authentication, authorization, and
accounting (AAA) and specify the authentication method list. A method list describes the sequence and
authentication method to be queried to authenticate a user.
To allow VLAN assignment, you must enable AAA authorization to configure the switch for all
network-related service requests.
Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1x port-based
authentication. This procedure is required.
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication dot1x {default}
method1
Step 4
dot1x system-auth-control
Step 5
aaa authorization network {default}
group radius
Step 6
radius-server host ip-address
Step 7
radius-server key string
Step 8
interface interface-id
Step 9
swtichport mode access
Step 10
dot1x port-control auto
Step 11
end
Step 12
show dot1x
Step 13
copy running-config startup-config
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
9-14
Chapter 9
Purpose
Enter global configuration mode.
Enable AAA.
Create an IEEE 802.1x authentication method list.
To create a default list that is used when a named list is not specified in
the authentication command, use the default keyword followed by the
method that is to be used in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keyword to use the list of all
RADIUS servers for authentication.
Though other keywords are visible in the command-line help
Note
string, only the default and group radius keywords are
supported.
Enable IEEE 802.1x authentication globally on the switch.
(Optional) Configure the switch for user RADIUS authorization for all
network-related service requests, such as VLAN assignment.
(Optional) Specify the IP address of the RADIUS server.
(Optional) Specify the authentication and encryption key used between
the switch and the RADIUS daemon running on the RADIUS server.
Specify the port connected to the client that is to be enabled for IEEE
802.1x authentication, and enter interface configuration mode.
(Optional) Set the port to access mode only if you configured the
RADIUS server in Step 6 and Step 7.
Enable IEEE 802.1x authentication on the interface.
For feature interaction information, see the
Guidelines" section on page
Return to privileged EXEC mode.
Verify your entries.
Check the Status column in the IEEE 802.1x Port Summary section of the
display. An enabled status means the port-control value is set either to
auto or to force-unauthorized.
(Optional) Save your entries in the configuration file.
Configuring IEEE 802.1x Port-Based Authentication
"IEEE 802.1x Configuration
9-12.
78-11380-12