13-46
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 13 Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring 802.1x User Distribution
Beginning in global configuration, follow these steps to configure a VLAN group an d to map a VLAN
to it:
Configuring NAC Layer 2 802.1x Validation
You can configure NAC Layer 2 802.1x validation, which is also referred to as 802.1x authentication
with a RADIUS server.
Step 9 authentication server dead
action authorize [vlan]
Authorizes the switch in access VLAN or configured VLAN (if the VLAN is
specified) when the ACS server is down.
Step 10 end Returns to privileged EXEC mode.
Step 11 show authentication
interface interface-id
(Optional) Verifies your entries.
Step 12 copy running-config
startup-config
(Optional) Saves your entries in the con figuration file.
Command Purpose
Command Purpose
Step 1 vlan group vlan-group-name vlan-list vlan-list Configures a VLAN group, and maps a single VLAN or a range
of VLANs to it.
Step 2 show vlan group all vlan-group-name Verifies the configuration.
Step 3 no vlan group vlan-group-name vlan-list
vlan-list
Clears the VLAN group configuration or elements of the VLAN
group configuration.
Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 interface interface-id Specifies the port to be configured, and enters interface configuration
mode.
Step 3 authentication event no-response
action authorize vlan vlan-id
Specifies an active VLAN as an 802.1x guest VLAN. The range is 1
to 4096.
You can configure any active VLAN except an internal VLAN (routed
port), an RSPAN VLAN, or a voice VLAN as an 802.1x guest VLAN.
Step 4 authentication periodic Enables periodic reauthentication of the client, which is disabled by
default.
Step 5 authentication timer reauthenticate Sets reauthentication attempt for the client (set to one hour).
This command affects the behavior of the switch only if periodic
reauthentication is enabled.
Step 6 end Returns to privileged EXEC mode.