Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

Beginning in privileged EXEC mode, follow these steps to configure a port to use web authentication:

 

        Command                                      Purpose
Step 1  configure terminal                           Enter global configuration mode.
Step 2  ip admission name rule proxy http            Define a web authentication rule.
                                                     Note: The same rule cannot be used for both web
                                                     authentication and NAC Layer 2 IP validation.
Step 3  interface interface-id                       Specify the port to be configured, and enter
                                                     interface configuration mode.
Step 4  switchport mode access                       Set the port to access mode.
Step 5  ip access-group access-list in               Specify the default access control list to be
                                                     applied to network traffic before web
                                                     authentication.
Step 6  ip admission rule                            Apply an IP admission rule to the interface.
Step 7  end                                          Return to privileged EXEC mode.
Step 8  show running-config interface interface-id   Verify your configuration.
Step 9  copy running-config startup-config           (Optional) Save your entries in the
                                                     configuration file.

This example shows how to configure only web authentication on a switch port:

Switch# configure terminal
Switch(config)# ip admission name rule1 proxy http
Switch(config)# interface gigabit1/0/1
Switch(config-if)# switchport mode access
Switch(config-if)# ip access-group policy1 in
Switch(config-if)# ip admission rule1
Switch(config-if)# end
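The verification step in the procedure above can be scripted over saved running-config text. The following is an added example, not part of the Cisco guide: the function names are hypothetical and the sample configuration is constructed. It flags ports that apply an IP admission rule without access mode, without a default inbound ACL, or with a rule that was never defined globally.

```python
import re
# Constructed sample of running-config text (not taken from the guide).
SAMPLE_CONFIG = """\
ip admission name rule1 proxy http
!
interface GigabitEthernet1/0/1
 switchport mode access
 ip access-group policy1 in
 ip admission rule1
!
interface GigabitEthernet1/0/2
 switchport mode access
 ip admission rule2
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_web_auth(config):
    """Return {interface: [findings]} for ports that apply an IP admission rule."""
    defined = set(re.findall(r"^ip admission name (\S+) proxy http\s*$", config, re.M))
    report = {}
    for name, cmds in parse_interfaces(config).items():
        rules = [c.split()[2] for c in cmds if re.fullmatch(r"ip admission \S+", c)]
        if not rules:
            continue  # web authentication is not applied on this port
        findings = []
        if "switchport mode access" not in cmds:
            findings.append("port is not in access mode")
        if not any(re.fullmatch(r"ip access-group \S+ in", c) for c in cmds):
            findings.append("no default inbound ACL before web authentication")
        findings += [f"rule {r} has no 'ip admission name {r} proxy http'"
                     for r in rules if r not in defined]
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_web_auth(SAMPLE_CONFIG))
```

An empty findings list means the port carries all three interface-level settings from the procedure and its rule is defined globally.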

Beginning in privileged EXEC mode, follow these steps to configure a switch port for IEEE 802.1x authentication with web authentication as a fallback method:

 

 

        Command                             Purpose
Step 1  configure terminal                  Enter global configuration mode.
Step 2  ip admission name rule proxy http   Define a web authentication rule.
Step 3  fallback profile fallback-profile   Define a fallback profile to allow an IEEE 802.1x port
                                            to authenticate a client by using web authentication.
Step 4  ip access-group policy in           Specify the default access control list to apply to
                                            network traffic before web authentication.
Step 5  ip admission rule                   Associate an IP admission rule with the profile, and
                                            specify that a client connecting by web authentication
                                            uses this rule.
Step 6  end                                 Return to privileged EXEC mode.
Step 7  interface interface-id              Specify the port to be configured, and enter interface
                                            configuration mode.
Step 8  switchport mode access              Set the port to access mode.
Step 9  dot1x port-control auto             Enable IEEE 802.1x authentication on the interface.

Catalyst 3750-E and 3560-E Switch Software Configuration Guide
OL-9775-02