12-49
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 12 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To disable MAC authentication bypass, use the
no dot1x mac-auth-bypass
interface configuration
command.
This example shows how to enable MAC authentication bypass:
Switch(config-if)#
dot1x mac-auth-bypass
Configuring NAC Layer 2 802.1x Validation
You can configure NAC Layer 2 802.1x validation, which is also referred to as 802.1x authentication
with a RADIUS server.
Beginning in privileged EXEC mode, follow these steps to configure NAC Layer 2 802.1x validation.
The procedure is optional.
Step 4
dot1x mac-auth-bypass
[
eap
|
timeout
activity
{
value
}]
Enable MAC authentication bypass.
(Optional) Use the
eap
keyword to configure the switch to use EAP for
authorization.
(Optional) Use the
timeout activity
keywords to configured the number
of seconds that a connected host can be inactive before it is placed in an
unauthorized state. The range is 1 to 65535.
You must enable port security before configuring a time out value. For
more information, see the
“Configuring Port Security” section on
page 26-8
.
Step 5
end
Return to privileged EXEC mode.
Step 6
show authentication
interface-id
or
show dot1x interface
interface-id
Verify your entries.
Step 7
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface
interface-id
Specify the port to be configured, and enter interface configuration mode.
Step 3
dot1x guest-vlan
vlan-id
Specify an active VLAN as an 802.1x guest VLAN. The range is 1 to
4094.
You can configure any active VLAN except an RSPAN VLAN, or a voice
VLAN as an 802.1x guest VLAN.
Step 4
authentication periodic
or
dot1x reauthentication
Enable periodic re-authentication of the client, which is disabled by
default.