Configuring Port-Based and User-Based Access Control (802.1X)

Configuring Switch Ports as 802.1X Authenticators

3. Configure the 802.1X Authentication Method

This task specifies how the switch authenticates the credentials provided by a supplicant connected to a switch port configured as an 802.1X authenticator.

You can configure local, chap-radius, or eap-radius as the primary password authentication method for the port-access method. You also need to select none or authorized as a secondary, or backup, method.

Syntax: aaa authentication port-access < chap-radius | eap-radius | local >

Configures local, chap-radius (MD5), or eap-radius as the primary password authentication method for port-access. The default primary authentication is local. (Refer to the documentation for your RADIUS server application.)

For switches covered in this guide, you must use the password port-access command to configure the operator username and password for 802.1X access. See “General Setup Procedure for 802.1X Access Control” on page 10-14 for more information.

[< none | authorized >]

Provides options for secondary authentication. The none option specifies that a backup authentication method is not used. The authorized option allows access without authentication. (default: none).

For example, to enable the switch to perform 802.1X authentication using one or more EAP-capable RADIUS servers:

[Figure 10-6. Example of 802.1X (Port-Access) Authentication. Callouts: configuration command for EAP-RADIUS authentication; 802.1X (Port-Access) configured for EAP-RADIUS authentication.]
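The following is an added example, not part of the original guide: a small Python check that reads saved switch configuration text and reports the port-access authentication methods in effect, using the syntax and defaults described above. The function names, the constructed sample configuration, and the handling of repeated lines (the last one wins) are assumptions.

```python
import re

# Syntax from the guide:
#   aaa authentication port-access <chap-radius | eap-radius | local> [<none | authorized>]
PORT_ACCESS = re.compile(
    r"aaa\s+authentication\s+port-access\s+"
    r"(chap-radius|eap-radius|local)(?:\s+(none|authorized))?"
)

def port_access_methods(config_text):
    """Return (primary, secondary) for port-access authentication.

    Defaults stated in the guide: primary is local, secondary is none.
    Assumption: if the line appears more than once, the last one wins.
    """
    primary, secondary = "local", "none"
    for line in config_text.splitlines():
        m = PORT_ACCESS.fullmatch(line.strip())
        if m:
            primary, secondary = m.group(1), m.group(2) or "none"
    return primary, secondary

def audit(config_text):
    """Return (primary, secondary, findings) for a configuration text."""
    primary, secondary = port_access_methods(config_text)
    findings = []
    if secondary == "authorized":
        # Per the guide: the authorized option allows access without authentication.
        findings.append("backup method 'authorized' allows access without authentication")
    if primary == "chap-radius":
        # Per the guide: chap-radius is the MD5 method.
        findings.append("primary method 'chap-radius' uses MD5")
    if primary == "local":
        # Per the guide: local uses the operator credentials set with 'password port-access'.
        findings.append("primary method 'local' uses the switch's own port-access credentials")
    return primary, secondary, findings

# Constructed sample configuration text (not captured from a real switch).
SAMPLE_CONFIG = """\
; constructed sample
aaa authentication port-access eap-radius authorized
"""

if __name__ == "__main__":
    primary, secondary, findings = audit(SAMPLE_CONFIG)
    print(f"port-access primary={primary} secondary={secondary}")
    for finding in findings:
        print("  finding:", finding)
```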
