434 CHAPTER 21: 802.1X CONFIGURATION
That completes the configuration of the new RADIUS server and its association with a domain.
Network Login
Network login must first be enabled globally by issuing the command dot1x:
[5500-xx] dot1x
802.1x is enabled globally
(where xx is either EI or SI)
Once enabled globally, network login must also be enabled on a per-port basis. This can be done in one of two ways:
■ To enable dot1x on one port, enter the interface of the port and enable dot1x on the port. For example:
[5500-xx] interface ethernet 1/0/7
[5500-xx-Ethernet1/0/7] dot1x
802.1x is enabled on port Ethernet1/0/7
[5500-xx-Ethernet1/0/7]
■ To enable dot1x on more than one port, enter the global dot1x command as follows:
[5500-xx] dot1x interface Ethernet 1/0/7 to Ethernet 1/0/12 Ethernet 1/0/14 to Ethernet 1/0/20
802.1x is enabled on port Ethernet1/0/7 already
802.1x is enabled on port Ethernet1/0/8
802.1x is enabled on port Ethernet1/0/9
802.1x is enabled on port Ethernet1/0/10
802.1x is enabled on port Ethernet1/0/11
802.1x is enabled on port Ethernet1/0/12
802.1x is enabled on port Ethernet1/0/14
802.1x is enabled on port Ethernet1/0/15
802.1x is enabled on port Ethernet1/0/16
802.1x is enabled on port Ethernet1/0/17
802.1x is enabled on port Ethernet1/0/18
802.1x is enabled on port Ethernet1/0/19
802.1x is enabled on port Ethernet1/0/20
[5500-xx]
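The multi-port command above skips Ethernet1/0/13, and a port that never reports "802.1x is enabled" stays open to unauthenticated devices. The following Python check is an added example, not part of the 3Com guide: it expands the port list from the command and compares it with the captured CLI output. The function names are hypothetical, the sample output is constructed (the line for Ethernet1/0/17 is deliberately left out), and all ports are assumed to share one unit/slot.

```python
import re

PORT = r"Ethernet\s*(\d+)/(\d+)/(\d+)"

def port_key(name):
    """Sort key: Ethernet1/0/7 -> (1, 0, 7)."""
    return tuple(int(x) for x in re.findall(r"\d+", name))

def expand_ranges(command):
    """Expand 'dot1x interface A to B C to D ...' into a set of port names."""
    spec = command.split("interface", 1)[1]
    ports = set()
    # Each item is either a single port or 'port to port'.
    for m in re.finditer(PORT + r"(?:\s+to\s+" + PORT + r")?", spec):
        unit, slot, first = m.group(1), m.group(2), int(m.group(3))
        last = first
        if m.group(4) is not None:
            if (m.group(4), m.group(5)) != (unit, slot):
                raise ValueError("range spans units/slots: " + m.group(0))
            last = int(m.group(6))
        if last < first:
            raise ValueError("descending range: " + m.group(0))
        ports.update(f"Ethernet{unit}/{slot}/{n}" for n in range(first, last + 1))
    return ports

def confirmed_ports(output):
    """Ports the switch reported as enabled (including 'already' lines)."""
    return set(re.findall(r"802\.1x is enabled on port (Ethernet\d+/\d+/\d+)", output))

def audit(command, output):
    """Return (requested but unconfirmed, skipped inside the overall span)."""
    wanted = expand_ranges(command)
    missing = sorted(wanted - confirmed_ports(output), key=port_key)
    keys = sorted(port_key(p) for p in wanted)
    (unit, slot, lo), hi = keys[0], keys[-1][2]  # assumes a single unit/slot
    span = (f"Ethernet{unit}/{slot}/{n}" for n in range(lo, hi + 1))
    skipped = [p for p in span if p not in wanted]
    return missing, skipped

# Command as shown in the guide; output is constructed, with 1/0/17 omitted.
COMMAND = ("dot1x interface Ethernet 1/0/7 to Ethernet 1/0/12 "
           "Ethernet 1/0/14 to Ethernet 1/0/20")
SAMPLE_OUTPUT = "\n".join(
    ["802.1x is enabled on port Ethernet1/0/7 already"]
    + [f"802.1x is enabled on port Ethernet1/0/{n}"
       for n in (8, 9, 10, 11, 12, 14, 15, 16, 18, 19, 20)])

if __name__ == "__main__":
    missing, skipped = audit(COMMAND, SAMPLE_OUTPUT)
    print("requested but not confirmed:", missing)
    print("inside span but not requested:", skipped)
```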
802.1x login is now enabled on the port. When a device with an 802.1x client connects to the port, the user will be challenged for a username and password. The username should be in the form "user@domain", where "domain" is the name of the domain that was created on the Switch. This tells the Switch which domain, and therefore which RADIUS server, the user is associated with.
By default, the username sent to the RADIUS server for verification will be in the form user@domain.
You can send the username to the RADIUS server without the domain extension. This can be changed under the RADIUS scheme as follows:
[5500-xx-radius-NewSchemeName] user-name-format without-domain
Switch Login
The Switch 5500 supports Switch login, to allow multiple users access to the
management interface of the switch.