1. Manuals
  2. Brands
  3. Computer Equipment
  4. Switch
  5. IBM
  6. Computer Equipment
  7. Switch

IBM 12.1(22)EA6 - page 137

1 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 550
Download on canonical page 550 pages, 5.74 Mb
6-21
Cisco Systems IntelligentGigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter6 Configuring IEEE 802 .1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
To disable and remove the guest VLAN, use the no dot1x guest-vlan interface configuration command.
The port returns to the unauthorized state.
This example shows how to enable VLAN 9 as an IEEE 802.1x guest VLAN on a port:
Switch(config)# interface gigabitethernet0/17
Switch(config-if)# dot1x guest-vlan 9
You can enable optional guest VLAN behavior by using the dot1x guest-vlan supplicant global
configuration command. When enabled, the switch does not mai ntain the EAPOL packet history and
allows clients that fail authentication access to the guest VLAN, regardless of whether EAPOL packets
had been detected on the interface.
Beginning in privileged EXEC mode, follow these steps to enable the optional guest VLAN behavior
and to configure a guest VLAN. This procedure is optional.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Specify the interface to be configured, and enter interface configuration
mode. For the supported interface types, see the “IEEE 802.1x
Configuration Guidelines” section on page 6-12.
Step3 switchport mode access Set the port to access mode.
Step4 dot1x port-control auto Enable IEEE 802.1x au thentication on the port.
Step5 dot1x guest-vlan vlan-id Specify an active VLAN as an IEEE 802.1x guest VLAN. The range is 1
to 4094.
You can configure any active VLAN except an RSPAN VLAN or a voice
VLAN as an IEEE 802.1x guest VLAN.
Step6 end Return to privileged EXEC mode.
Step7 show dot1x interface interface-id Verify your entries.
Step8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 dot1x guest-vlan supplicant Enable the optional guest VLAN behavior globally on the switch.
Step3 interface interface-id Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the “IEEE 802.1x Configuration
Guidelines” section on page 6-12.
Step4 switchport mode access Set the port to access mode.
Step5 dot1x port-control auto Enable IEEE 802.1x au thentication on the port.
Step6 dot1x guest-vlan vlan-id Specify an active VLAN as an IEEE 802.1x guest VLAN. The range is 1
to 4094.
You can configure any active VLAN except an RSPAN VLAN or a voice
VLAN as an IEEE 802.1x guest VLAN.
Step7 end Return to privileged EXEC mode.
MENU

Models

Contents