Chapter 25
Configuring IEEE 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
These sections describe how to configure 802.1X port-based authentication:
•
•
•
•
•
•
•
•
•
•
Enabling 802.1X Port-Based Authentication
To enable 802.1X port-based authentication, you must enable AAA and specify the authentication
method list. A method list describes the sequence and authentication methods to be queried to
authenticate a user.
The software uses the first method listed to authenticate users; if that method fails to respond, the
software selects the next authentication method in the method list. This process continues until there is
successful communication with a listed authentication method or until all defined methods are
exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other
authentication methods are attempted.
To configure 802.1X port-based authentication, perform this task:
Command
Step 1
Router(config)# aaa new-model
Router(config)# no aaa new-model
Step 2
Router(config)# aaa authentication dot1x
{default} method1 [method2
Router(config)# no aaa authentication dot1x
{default | list_name}
Step 3
Router(config)# dot1x system-auth-control
Router(config)# no dot1x system-auth-control
Step 4
Router(config)# interface type
Step 5
Router(config-if)# dot1x port-control auto
Router(config-if)# no dot1x port-control auto
78-14064-04
Enabling 802.1X Port-Based Authentication, page 25-7
Configuring Cisco 7600 Series Router-to-RADIUS-Server Communication, page 25-8
Enabling Periodic Reauthentication, page 25-10
Manually Reauthenticating the Client Connected to a Port, page 25-11
Initializing Authentication for the Client Connected to a Port, page 25-11
Changing the Quiet Period, page 25-11
Changing the Cisco 7600 Series Router-to-Client Retransmission Time, page 25-12
Setting the Cisco 7600 Series Router-to-Client Frame Retransmission Number, page 25-14
Enabling Multiple Hosts, page 25-14
Resetting the 802.1X Configuration to the Default Values, page 25-15
...
]
1
slot/port
Purpose
Enables AAA.
Disables AAA.
Creates an 802.1X port-based authentication method list.
Clears the configured method list.
Globally enables 802.1X port-based authentication.
Globally disables 802.1X port-based authentication.
Enters interface configuration mode and specifies the
interface to be enabled for 802.1X port-based
authentication.
Enables 802.1X port-based authentication on the
interface.
Disables 802.1X port-based authentication on the
interface.
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
Configuring 802.1X Port-Based Authentication
25-7