Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

 

Command

Purpose

Step 3

 

 

dot1x control-direction {both in}

Enable IEEE 802.1x authentication with WoL on the port, and use these

 

 

keywords to configure the port as bidirectional or unidirectional.

 

 

both—Sets the port as bidirectional. The port cannot receive packets

 

 

from or send packets to the host. By default, the port is bidirectional.

 

 

in—Sets the port as unidirectional. The port can send packets to the

 

 

host but cannot receive packets from the host.

Step 4

 

 

end

Return to privileged EXEC mode.

Step 5

 

 

show dot1x interface interface-id

Verify your entries.

Step 6

 

 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

 

 

 

To disable IEEE 802.1x authentication with WoL, use the no dot1x control-directioninterface configuration command.

This example shows how to enable IEEE 802.1x authentication with WoL and set the port as bidirectional:

Switch(config-if)#dot1x control-direction both

Configuring MAC Authentication Bypass

Beginning in privileged EXEC mode, follow these steps to enable MAC authentication bypass. This procedure is optional.

 

Command

Purpose

Step 1

 

 

configure terminal

Enter global configuration mode.

Step 2

 

 

interface interface-id

Specify the port to be configured, and enter interface configuration mode.

 

 

For the supported port types, see the “IEEE 802.1x Authentication

 

 

Configuration Guidelines” section on page 10-23.

Step 3

 

 

dot1x port-control auto

Enable IEEE 802.1x authentication on the port.

Step 4

 

 

dot1x mac-auth-bypass [eap]

Enable MAC authentication bypass.

 

 

(Optional) Use the eap keyword to configure the switch to use EAP for

 

 

authorization.

Step 5

 

 

end

Return to privileged EXEC mode.

Step 6

 

 

show dot1x interface interface-id

Verify your entries.

Step 7

 

 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

 

 

 

To disable MAC authentication bypass, use the no dot1x mac-auth-bypassinterface configuration command.

This example shows how to enable MAC authentication bypass:

Switch(config-if)#dot1x mac-auth-bypass

 

 

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

 

 

 

 

 

 

OL-9775-02

 

 

10-39

 

 

 

 

 

Page 291
Image 291
Cisco Systems 3750E manual Configuring MAC Authentication Bypass, Dot1x control-direction both, 10-39