Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring a Guest VLAN
When you configure a guest VLAN, clients that are not 802.1x-capable are put into the guest VLAN when the server does
not receive a response to its EAP request/identity frame. Clients that are 802.1x-capable but that fail authentication are
not granted network access. The switch supports guest VLANs in single-host or multiple-hosts mode.
    Command                                                           Purpose
1.  configure terminal                                                Enters global configuration mode.
2.  interface interface-id                                            Specifies the port to be configured, and enters interface
                                                                      configuration mode.
3.  switchport mode access                                            Sets the port to access mode,
    or                                                                or
    switchport mode private-vlan host                                 Configures the Layer 2 port as a private-VLAN host port.
4.  authentication port-control auto                                  Enables 802.1x authentication on the port.
5.  authentication event no-response action authorize vlan vlan-id   Specifies an active VLAN as an 802.1x guest VLAN. The range
                                                                      is 1 to 4096.
                                                                      You can configure any active VLAN except an internal VLAN
                                                                      (routed port), an RSPAN VLAN, a primary private VLAN, or a
                                                                      voice VLAN as an 802.1x guest VLAN.
6.  end                                                               Returns to privileged EXEC mode.
7.  show authentication interface interface-id                        Verifies your entries.
8.  copy running-config startup-config                                (Optional) Saves your entries in the configuration file.

Configuring a Restricted VLAN
When you configure a restricted VLAN on a switch, clients that are 802.1x-compliant are moved into the restricted VLAN
when the authentication server does not receive a valid username and password. The switch supports restricted VLANs
only in single-host mode.

    Command                                                           Purpose
1.  configure terminal                                                Enters global configuration mode.
2.  interface interface-id                                            Specifies the port to be configured, and enters interface
                                                                      configuration mode.
3.  switchport mode access                                            Sets the port to access mode,
    or                                                                or
    switchport mode private-vlan host                                 Configures the Layer 2 port as a private-VLAN host port.
4.  authentication port-control auto                                  Enables 802.1x authentication on the port.
5.  authentication event fail action authorize vlan-id                Specifies an active VLAN as an 802.1x restricted VLAN. The
                                                                      range is 1 to 4096.
                                                                      You can configure any active VLAN except an internal VLAN
                                                                      (routed port), an RSPAN VLAN, a primary private VLAN, or a
                                                                      voice VLAN as an 802.1x restricted VLAN.
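
The constraints stated in the two sections above, applied as a configuration audit. This is an added example, not code from Cisco or from this guide: it flags ports whose guest or restricted VLAN is also the voice VLAN, ports with a restricted VLAN outside single-host mode, and ports that have a fallback VLAN but no 802.1x. Assumptions: the sample config is constructed, the "switchport voice vlan" and "authentication host-mode" lines it reads are IOS commands not shown on this page, and a port with no host-mode line is treated as single-host.

```python
import re

# Constructed running-config excerpt; interface names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode access
 switchport voice vlan 30
 authentication port-control auto
 authentication event no-response action authorize vlan 30
!
interface GigabitEthernet1/2
 switchport mode access
 authentication host-mode multi-host
 authentication event fail action authorize vlan 40
!
interface GigabitEthernet1/3
 switchport mode access
 authentication port-control auto
 authentication event no-response action authorize vlan 20
"""

STANZA = re.compile(r"^interface (\S+)\n((?: .*\n?)*)", re.M)
GUEST = re.compile(r"authentication event no-response action authorize vlan (\d+)")
# The page prints the restricted-VLAN command without a "vlan" keyword; accept both.
RESTRICTED = re.compile(r"authentication event fail action authorize (?:vlan )?(\d+)")
VOICE = re.compile(r"switchport voice vlan (\d+)")
HOST_MODE = re.compile(r"authentication host-mode (\S+)")

def audit(config):
    """Map each port that has a guest or restricted VLAN to its list of findings."""
    report = {}
    for name, body in STANZA.findall(config):
        guest, restricted = GUEST.search(body), RESTRICTED.search(body)
        if not (guest or restricted):
            continue
        issues = []
        if not re.search(r"switchport mode (access|private-vlan host)\s*$", body, re.M):
            issues.append("not an access or private-VLAN host port")
        if "authentication port-control auto" not in body:
            issues.append("802.1x is not enabled (no port-control auto)")
        voice, mode = VOICE.search(body), HOST_MODE.search(body)
        for kind, m in (("guest", guest), ("restricted", restricted)):
            if m and voice and m.group(1) == voice.group(1):
                issues.append(f"{kind} VLAN is the voice VLAN")
        # Assumption: a port with no host-mode line runs in single-host mode.
        if restricted and mode and mode.group(1) != "single-host":
            issues.append("restricted VLAN needs single-host mode")
        report[name] = issues
    return report
```

Calling audit(SAMPLE_CONFIG) returns an empty list for a port that follows both procedures and one finding per violated rule otherwise.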