10-44
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Step7 The user disconnects from the port.
Step8 The switch sends a stop message to the accounting server.
Beginning in privileged EXEC mode, follow these steps to configure 802.1x port-based authentication:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 aaa new-model Enable AAA.
Step3 aaa authentication dot1x {default}
method1
Create an 802.1x authentication method list.
To create a default list to use when a named list is not specified in the
authentication command, use the default keyword followed by the
method to use in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Note Though other keywords are visible in the command-line help
string, only the group radius keywords are supported.
Step4 dot1x system-auth-control Enable 802.1x authentication globally on the switch.
Step5 aaa authorization network {default}
group radius
(Optional) Configure the switch to use user-RADIUS authorization for all
network-related service requests, such as per-user ACLs or VLAN
assignment.
For per-user ACLs, single-host mode must be configured. This setting is
the default.
Step6 radius-server host ip-address (Optional) Specify the IP address of the RADIUS server.
Step7 radius-server key string (Optional) Specify the authentication and encryption key used between
the switch and the RADIUS daemon running on the RADIUS server.
Step8 interface interface-id Specify the port connected to the client to enable for802.1x
authentication, and enter interface configuration mode.
Step9 switchport mode access (Optional) Set the port to access mode only if you configured the RADIUS
server in Step 6 and Step 7.
Step10 authentication port-control auto
or
dot1x port-control auto
Enable 802.1x authentication on the port.
For feature interaction information, see the “802.1x Authentication
Configuration Guidelines” section on page 10-38.
Step11 end Return to privileged EXEC mode.
Step12 show authentication
or
show dot1x
Verify your entries.
Step13 copy running-config startup-config (Optional) Save your entries in the configuration file.