29-17
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter29 Understanding and Conf iguring 802.1X Port-Based Authentication
How to Configure 802.1X
To disable AAA, use the no aaa new-model global configuration command.
To disable 802.1X AAA authentication, use the no aaa authentication dot1x {default | list-name}
method1 [method2...] global configuration command.
To disable 802.1X authentication, use the dot1x port-control force-authorized or the no dot1x
port-control interface configuration command.
This example shows how to enable AAA and 802.1X on Fast Ethernet port 2/1:
Switch# configure terminal
Switch(config)# dot1x system-auth-control
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# interface fastethernet2/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Configuring Switch-to-RADIUS-Server Communication
A RADIUS security server is identified by its host name or IP address, host name and specific UDP port
number, or IP address and specific UDP port numbers. The combination of the IP address and UDP port
number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on
a server at the same IP address. If two different host entries on the same RADIUS server are configured
for the same service—for example, authentication—the second host entry configured acts as the fail-over
backup to the first one. The RADIUS host entries are tried in the order they were configured.
Step10 Switch# show running-config Verifies your entries.
Step11 Switch# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.
Command Purpose