9-44
Cisco Catalyst Blade Switch 3120 for HP Software Configuration Guide
OL-12247-01
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
This example shows how to configure IEEE 802.1x authentication with web authentication as a fallback
method.
Switch(config)
configure terminal
Switch(config)#
ip admission name
rule1
proxy http
Switch(config)#
fallback profile fallback1
Switch(config-fallback-profile)#
ip access-group default-policy in
Switch(config-fallback-profile)#
ip admission rule1
Switch(config-fallback-profile)#
exit
Switch(config)#
interface gigabitethernet1/0/1
Switch(config-if)#
switchport mode access
Switch(config-if)#
dot1x port-control auto
Switch(config-if)#
dot1x fallback fallback1
Switch(config-if)#
end
For more information about the ip admission name and dot1x fallback commands, see the command
reference for this release. For more information about the ip admission name and ip access-group
commands, see the
Network Admission Control Software Configuration Guide
on Cisco.com.
Disabling IEEE 802.1x Authentication on the Port
You can disable IEEE 802.1x authentication on the port by using the no dot1x pae interface
configuration command.
Beginning in privileged EXEC mode, follow these steps to disable IEEE 802.1x authentication on the
port. This procedure is optional.
Step 9
dot1x port-control auto
Enable IEEE 802.1x authentication on the interface.
Step 10
dot1x fallback fallback-profile
Configure the port to authenticate a client by using web
authentication when no IEEE 802.1x supplicant is detected on the
port. Any change to the fallback-profile global configuration takes
effect the next time IEEE 802.1x fallback is invoked on the interface.
Note
Web authorization cannot be used as a fallback method for
IEEE 802.1x if the port is configured for multidomain
authentication.
Step 11
exit
Return to privileged EXEC mode.
Step 12
show dot1x interface interface-id
Verify your configuration.
Step 13
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the port to be configured, and enter interface configuration mode.
Step 3
no dot1x pae
Disable IEEE 802.1x authentication on the port.
Step 4
end
Return to privileged EXEC mode.
Step 5
show dot1x interface interface-id
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.