hit counter script

Cisco 3020 - Catalyst Blade Switch Command Reference Manual page 97

Cisco catalyst blade switch 3020 for hp command reference, rel. 12.2(25)sef1
Hide thumbs Also See for 3020 - Cisco Catalyst Blade Switch:
Table of Contents

Advertisement

Chapter 2
Cisco Catalyst Blade Switch 3020 for HP Cisco IOS Commands
You can configure any active VLAN except an Remote Switched Port Analyzer (RSPAN) VLAN or a
voice VLAN as an IEEE 802.1x guest VLAN. The guest VLAN feature is not supported on trunk ports;
it is supported only on access ports.
After you configure a guest VLAN for an IEEE 802.1x port to which a DHCP client is connected, you
might need to get a host IP address from a DHCP server. You can change the settings for restarting the
IEEE 802.1x authentication process on the switch before the DHCP process on the client times out and
tries to get a host IP address from the DHCP server. Decrease the settings for the IEEE 802.1x
authentication process (dot1x timeout quiet-period and dot1x timeout tx-period interface
configuration commands). The amount to decrease the settings depends on the connected IEEE 802.1x
client type.
The switch supports MAC authentication bypass. When it is enabled on an IEEE 802.1x port, the switch
can authorize clients based on the client MAC address when IEEE 802.1x authentication times out while
waiting for an EAPOL message exchange. After detecting a client on an IEEE 802.1x port, the switch
waits for an Ethernet packet from the client. The switch sends the authentication server a
RADIUS-access/request frame with a username and password based on the MAC address. If
authorization succeeds, the switch grants the client access to the network. If authorization fails, the
switch assigns the port to the guest VLAN if one is specified. For more information, see the "Using IEEE
802.1x Authentication with MAC Authentication Bypass" section in the "Configuring IEEE 802.1x
Port-Based Authentication" chapter of the software configuration guide.
Examples
This example shows how to specify VLAN 5 as an IEEE 802.1x guest VLAN:
Switch(config-if)# dot1x guest-vlan 5
This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that
the switch waits for a response to an EAP-request/identity frame from the client before resending the
request, and to enable VLAN 2 as an IEEE 802.1x guest VLAN when an IEEE 802.1x port is connected
to a DHCP client:
Switch(config-if)# dot1x timeout quiet-period 3
Switch(config-if)# dot1x timeout tx-period 15
Switch(config-if)# dot1x guest-vlan 2
This example shows how to enable the optional guest VLAN behavior and to specify VLAN 5 as an
IEEE 802.1x guest VLAN:
Switch(config)# dot1x guest-vlan supplicant
Switch(config)# interface gigabitethernet0/21
Switch(config-if)# dot1x guest-vlan 5
You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC
command.
Related Commands
Command
dot1x
show dot1x
OL-8916-01
[interface interface-id]
Description
Enables the optional guest VLAN supplicant feature.
Displays IEEE 802.1x status for the specified port.
Cisco Catalyst Blade Switch 3020 for HP Command Reference
dot1x guest-vlan
2-69

Advertisement

Table of Contents
loading

Table of Contents