Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 13 Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Command Purpose
Step 5  switchport mode access
        Sets the port to access mode.
Step 6  authentication violation {shutdown | restrict | protect | replace}
        Configures the violation mode.
        shutdown—Error-disables the port.
        restrict—Generates a syslog error.
        protect—Drops packets from any new device that sends traffic to the port.
        replace—Removes the current session and authenticates with the new host.
Step 7  end
        Returns to privileged EXEC mode.
Step 8  show authentication
        Verifies your entries.
Step 9  copy running-config startup-config
        (Optional) Saves your entries in the configuration file.

Configuring the Host Mode
This task describes how to configure a single host (client) or multiple hosts on an 802.1x-authorized port.
Command Purpose
Step 1  configure terminal
        Enters global configuration mode.
Step 2  radius-server vsa send authentication
        Configures the network access server to recognize and use vendor-specific attributes (VSAs).
Step 3  interface interface-id
        Specifies the port to which multiple hosts are indirectly attached, and enters interface configuration mode.
Step 4  authentication host-mode [multi-auth | multi-domain | multi-host | single-host]
        The keywords have these meanings:
        multi-auth—Allows one client on the voice VLAN and multiple authenticated clients on the data VLAN. Each host is individually authenticated.
        Note The multi-auth keyword is only available with the authentication host-mode command.
        multi-host—Allows multiple hosts on an 802.1x-authorized port after a single host has been authenticated.
        multi-domain—Allows both a host and a voice device, such as an IP phone (Cisco or non-Cisco), to be authenticated on an 802.1x-authorized port.
        Note You must configure the voice VLAN for the IP phone when the host mode is set to multi-domain. For more information, see Chapter 19, “Configuring Voice VLAN.”
        single-host—Allows a single host (client) on an 802.1x-authorized port.
        Make sure that the authentication port-control interface configuration command is set to auto for the specified interface.
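
The following audit script is an added example, not part of the Cisco guide. It checks a running-config excerpt against the notes in Step 4 (port-control must be auto, multi-domain needs a voice VLAN) and flags multi-host ports, where further hosts are allowed after a single host has authenticated. The interface names, VLAN ID and finding strings are constructed, and the switchport voice vlan line is assumed to be how the voice VLAN appears in the configuration.

```python
import re

# Constructed running-config excerpt; interface names and VLAN ID are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 authentication host-mode multi-domain
 authentication port-control auto
!
interface GigabitEthernet1/2
 switchport voice vlan 20
 authentication host-mode multi-domain
 authentication port-control auto
!
interface GigabitEthernet1/3
 authentication host-mode multi-host
!
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-command lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_host_mode(config):
    """Return sorted (interface, finding) pairs for the Step 4 host-mode notes."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        modes = [l.split()[-1] for l in lines if l.startswith("authentication host-mode ")]
        if not modes:
            continue  # host mode not set explicitly on this port
        if "authentication port-control auto" not in lines:
            findings.append((name, "port-control is not auto"))
        if modes[-1] == "multi-domain" and not any(
                l.startswith("switchport voice vlan ") for l in lines):
            findings.append((name, "multi-domain without a voice VLAN"))
        if modes[-1] == "multi-host":
            findings.append((name, "multi-host: only one host is authenticated"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, finding in audit_host_mode(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```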