10-20
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter10 Configuring 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Configuring 802.1x Accounting
Enabling AAA system accounting with 802.1x accounting allows system reload events to be sent to the
accounting RADIUS server for logging. The server can then infer that all active 802.1x sessions are
closed.
Because RADIUS uses the unreliable UDP transport protocol, acco unting messages might be lost due to
poor network conditions. If the switch does not receive the accounting response message from the
RADIUS server after a configurable number of retransmissions of an accounting request, this system
message appears:
Accounting message %s for session %s failed to receive Accounting Response.
When the stop message is not sent successfully, this message appears:
00:09:55: %RADIUS-3-NOACCOUNTINGRESPONSE: Accounting message Start for session
172.20.50.145 sam 11/06/03 07:01:16 11000002 failed to receive Accounting Response.
Step3 aaa authentication dot1x {default}
method1 [method2...] Create an 802.1x authentication method list.
To create a default list that is used when a named list is not specified in
the authentication command, use the default keyword followed by the
methods that are to be used in default situations. The default method list
is automatically applied to all ports.
Enter at least one of these keywords:
group radius—Use the list of all RADIUS servers for authentication.
none—Use no authentication. The client is automatically
authenticated by the switch without using the information supplied by
the client.
Step4 dot1x system-auth-control Enable 802.1x authentication globally on the switch.
Step5 aaa authorization network {default}
group radius (Optional) Configure the switch for user RADIUS authorization for all
network-related service requests, such as per-user ACLs or VLAN
assignment.
Note For per-user ACLs, single-host mode must be configured. This
setting is the default.
Step6 interface interface-id Specify the port connected to the client that is to be enabled for 802.1x
authentication, and enter interface configuration mode.
Step7 dot1x port-control auto Enable 802.1x authentication on the port.
For feature interaction information, see the “802.1x Configuration
Guidelines” section on page10-10.
Step8 end Return to privileged EXEC mode.
Step9 show dot1x Verify your entries.
Step10 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose