How to Configure 802.1x Port-Based Authentication
Command or Action
Step 4
dot1x system-auth-control
Example:
Switch(config)# dot1x system-auth-control
Step 5
aaa authorization network {default} group
radius
Example:
Switch(config)# aaa authorization network
default group radius
Step 6
radius-server host ip-address
Example:
Switch(config)# radius-server host
124.2.2.12
Step 7
radius-server key string
Example:
Switch(config)# radius-server key abc1234
Step 8
interface interface-id
Example:
Switch(config)# interface
gigabitethernet1/0/2
Step 9
switchport mode access
Example:
Switch(config-if)# switchport mode access
Step 10
authentication port-control auto
Example:
Switch(config-if)# authentication
port-control auto
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1364
Purpose
Enables 802.1x authentication globally on the switch.
(Optional) Configures the switch to use user-RADIUS
authorization for all network-related service requests, such as
per-user ACLs or VLAN assignment.
For per-user ACLs, single-host mode must be configured.
Note
This setting is the default.
(Optional) Specifies the IP address of the RADIUS server.
(Optional) Specifies the authentication and encryption key used
between the switch and the RADIUS daemon running on the
RADIUS server.
Specifies the port connected to the client that is to be enabled for
IEEE 802.1x authentication, and enter interface configuration
mode.
(Optional) Sets the port to access mode only if you configured the
RADIUS server in Step 6 and Step 7.
Enables 802.1x authentication on the port.