9-31
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Configuring MAC Authentication Bypass
Beginning in privileged EXEC mode, follow these steps to enable MAC authentication bypass. This
procedure is optional.
To disable MAC authentication bypass, use the
no dot1x mac-auth-bypass
interface configuration
command.
This example shows how to enable MAC authentication bypass:
Switch(config-if)#
dot1x mac-auth-bypass
Disabling IEEE 802.1x Authentication on the Port
You can disable IEEE 802.1x authentication on the port by using the
no dot1x pae
interface
configuration command.
Beginning in privileged EXEC mode, follow these steps to disable IEEE 802.1x authentication on the
port. This procedure is optional.
To configure the port as an IEEE 802.1x port access entity (PAE) authenticator, which enables
IEEE 802.1x on the port but does not allow clients connected to the port to be authorized, use the
dot1x
pae authenticator
interface configuration command.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface
interface-id
Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the
Configuration Guidelines” section on page 9-19
.
Step 3
dot1x port-control auto
Enable IEEE 802.1x authentication on the port.
Step 4
dot1x mac-auth-bypass
[
eap
]
Enable MAC authentication bypass.
(Optional) Use the
eap
keyword to configure the switch to use EAP for
authorization.
Step 5
end
Return to privileged EXEC mode.
Step 6
show dot1x interface
interface-id
Verify your entries.
Step 7
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface
interface-id
Specify the port to be configured, and enter interface configuration mode.
Step 3
no dot1x pae
Disable IEEE 802.1x authentication on the port.
Step 4
end
Return to privileged EXEC mode.
Step 5
show dot1x interface
interface-id
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.