Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
This example shows how to enable 802.1X fallback to MAB, and then to enable web-based authentication, on an
802.1X-enabled port:
Switch(config)# ip admission name rule1 proxy http
Switch(config)# fallback profile fallback1
Switch(config-fallback-profile)# ip access-group default-policy in
Switch(config-fallback-profile)# ip admission rule1
Switch(config-fallback-profile)# exit
Switch(config)# interface gigabit5/9
Switch(config-if)# switchport mode access
Switch(config-if)# authentication port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication order dot1x mab webauth
Switch(config-if)# mab eap
Switch(config-if)# authentication fallback fallback1
Switch(config-if)# exit
Switch(config)# ip device tracking
Switch(config)# exit
To determine if a host was authenticated using 802.1X when fallback authentication is configured on the port, enter the
following commands:
Switch# show authentication sessions interface g7/2
Interface: GigabitEthernet7/2
MAC Address: 0060.b057.4687
IP Address: Unknown
User-Name: test2
Status: Authz Success
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: C0A8013F0000000901BAB560
Acct Session ID: 0x0000000B
Handle: 0xE8000009
Runnable methods list:
Method   State
dot1x    Authc Success
mab      Not run
Switch# show dot1x interfaces g7/2 detail
Command and Purpose

Step 15
Command: Switch(config-if)# authentication timer restart seconds
Purpose: (Optional) Specifies a period after which the authentication process restarts in an attempt to authenticate an unauthorized port.
• seconds—Specifies the restart period. The range is from 1 to 65535 seconds.

Step 16
Command: Switch(config-if)# exit
Purpose: Returns to global configuration mode.

Step 17
Command: Switch(config)# ip device tracking
Purpose: Enables the IP device tracking table, which is required for web-based authentication.

Step 18
Command: Switch(config)# exit
Purpose: Returns to privileged EXEC mode.

Step 19
Command: Switch# show dot1x interface type slot/port
Purpose: Verifies your entries.