Configuring Port-Based and User-Based Access Control (802.1X)

Configuring Switch Ports To Operate As Supplicants for 802.1X Connections to Other Switches

Configuring Switch Ports To Operate AsSupplicants for 802.1X Connections toOther Switches

802.1X Authentication Commands

page 10-18

802.1X Supplicant Commands

 

[no] aaa port-access < supplicant < [ethernet] < port-list>

page 10-49

[auth-timeout held-period start-period max-start initialize

page 10-49

identity secret clear-statistics]

 

802.1X-Related Show Commands

page 10-51

RADIUS server configuration

pages 10-25

 

 

A switch port can operate as a supplicant in a connection to a port on another 802.1X-aware switch to provide security on links between 802.1X-aware switches. (A port can operate as both an authenticator and a supplicant.)

Example

Suppose that you want to connect two switches, where:

Switch “A” has port A1 configured for 802.1X supplicant operation.

You want to connect port A1 on switch “A” to port B5 on switch “B”.

Port A1

Switch “B”

 

Port B5

Switch “A”

Port A1 Configured as an

802.1X Supplicant

LAN Core

RADIUS Server

Figure 10-9. Example of Supplicant Operation

1.When port A1 on switch “A” is first connected to a port on switch “B”, or if the ports are already connected and either switch reboots, port A1 begins sending start packets to port B5 on switch “B”.

10-47