How to Configure EtherSwitch HWICs
Command or Action
Step 3
aaa authentication dot1x {default | listname}
method1 [method2...]
Example:
Router(config)# aaa authentication dot1x
default newmethod
Step 4
interface interface-id
Example:
Router(config)# interface 0/1/3
Step 5
dot1x port-control auto
Example:
Router(config-if)# dot1x port-control auto
Step 6
end
Example:
Router(config-if)# end
Step 7
show dot1x
Example:
Router# show dot1x
Step 8
copy running-config startup-config
Example:
Router# copy running-config startup-config
To disable AAA, use the no aaa new-model global configuration command. To disable 802.1x AAA
authentication, use the no aaa authentication dot1x {default | list-name} method1 [method2...] global
configuration command. To disable 802.1x, use the dot1x port-control force-authorized or the no
dot1x port-control interface configuration command.
Configuring the Switch-to-RADIUS-Server Communication
RADIUS security servers are identified by their host name or IP address, host name and specific UDP
port numbers, or IP address and specific UDP port numbers. The combination of the IP address and UDP
port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP
ports on a server at the same IP address. If two different host entries on the same RADIUS server are
Book Title
26
Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards
Purpose
Creates an 802.1x authentication method list.
•
To create a default list that is used when a named list is
not specified in the authentication command, use the
default keyword followed by the methods that are to be
used in default situations. The default method list is
automatically applied to all interfaces.
Enter at least one of these keywords:
•
group radius—Use the list of all RADIUS servers
–
for authentication.
none—Use no authentication. The client is
–
automatically authenticated without the switch
using the information supplied by the client.
Enters interface configuration mode and specifies the
interface to be enabled for 802.1x authentication.
Enables 802.1x on the interface.
For feature interaction information with trunk,
•
dynamic, dynamic-access, EtherChannel, secure, and
SPAN ports see the
"802.1x Configuration Guidelines"
section on page
24.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.