Cisco Systems DOC-7814982 Enabling 802.1X Authentication

8-8

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 8 Configuring 802.1X Port-Based Authentication

Configuring 802. 1X Authe n tication

Enabling 802.1X Authentication

To enable 802.1X port-based authentication, you must enable AAA and specify the authentication

method list. A method list describes the sequence and authentication methods to be queried to

authenticate a user.

The software uses the first method listed to authenticate users; if that method fails to respond, the

software sele cts t he next au then tica tio n met hod in t he meth od list . Thi s pro cess co ntin ues un til the re is

successful communication with a listed authentication method or until all defined methods are

exha usted. If au thentication fails at any poi nt in this c ycle, the authenticatio n process stops, and no other

authentication methods are attempted.

Beginning in privile ged EXEC mode, follow these steps to configure 802.1X port-based authentication.

This pr ocedure is requ ired.

To disable AAA, use the no aaa new-model global co nfigur ati on c omm a nd. To disable 80 2.1X AA A

authenti cation, use the no aaa authentication dot1x {default | list-name} method1 [method2...] global

configurati on co mma nd. To disa ble 80 2.1 X a ut hent ica tion, u se the dot1x port-control

force-authorized or the no dot1 x port-cont rol interface configuration command.

Command Purpose

Step 1 configure terminal Enter globa l configurati on mode.

Step 2 aaa new-model Enable AAA.

Step 3 aaa authent ication dot1x {default}

method1 [method2...] Create an 802.1X au thent icatio n method li st.

To create a default list that is used when a named list is not s pecified in

the authentication command, use the default keyword followed by the

methods that are to be used in default situations. The default method list

is automatically applied to all interfaces.

Enter at l east one of these keywords:

•group radius—Use the list of all RADIUS servers for authentication.

•none—Use no authentication. The client is automatically

authenticated by the switch without using the information supplied by

the cli ent .

Step 4 interface interface-id Enter inter face conf iguration mod e, and specify the interf ace connected to

the client that is to be enabled for 802.1X authentication.

Step 5 dot1x po rt -c ontrol au t o Enable 802.1X authentication on the interface.

F or feature inter action infor mation with trunk, dy namic, dynamic- access,

EtherChannel, secure, and SPAN ports, see the “802.1 X Co nfigurati on

Guidelines” section on page 8-7.

Step 6 end Return to privileged EXEC mode.

Step 7 show dot1x Verify your e ntri es.

Check the Status col umn in the 802 .1X Port Sum mary secti on of the

display. An enabled status means the port-control value is set either to

auto or to force-unauthorized.

Step 8 copy running-config startup-config (Optiona l) Save your entries in the co nfigurati on file.