49-81
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
To determine if a host was authenticated using web authentication when fallback authentication is configured on the port, enter the following commands:
Switch# show authentication sessions interface G4/3
Interface: GigabitEthernet4/3
MAC Address: 0015.e981.0531
IP Address: 10.5.63.13
Status: Authz Success
Domain: DATA
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A053F0F0000000200112FFC
Acct Session ID: 0x00000003
Handle: 0x09000002
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
webauth Authc Success
Switch# show ip admission cache
Authentication Proxy Cache
Total Sessions: 1 Init Sessions: 0
Client IP 10.5.63.13 Port 4643, timeout 1000, state ESTAB
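To read the session output above from a script, the following added example (not from the Cisco guide) parses `show authentication sessions interface` text and reports which method authenticated the host. The function names and the inline sample, abridged from the output on this page, are assumptions of this example.

```python
import re

# Constructed sample: the session output shown on this page, abridged.
SAMPLE = """\
Switch# show authentication sessions interface G4/3
Interface: GigabitEthernet4/3
MAC Address: 0015.e981.0531
Status: Authz Success
Domain: DATA
Runnable methods list:
Method State
dot1x Failed over
mab Failed over
webauth Authc Success
Switch#
"""

PROMPT = re.compile(r"^[\w.-]+(\([\w-]+\))?[#>]")  # "Switch#", "Switch(config-if)#"

def parse_auth_session(text):
    """Return (fields, methods) for one session: a dict of the 'Key: value'
    lines and the ordered (method, state) rows of the methods table."""
    fields, methods, in_methods = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if PROMPT.match(line):
            in_methods = False              # a new prompt ends the table
        elif not line:
            continue
        elif in_methods:
            parts = line.split(None, 1)     # method name, then its state
            if parts != ["Method", "State"]:  # skip the column header
                methods.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
        elif line.lower().startswith("runnable methods list"):
            in_methods = True
        else:
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
    return fields, methods

def auth_method(methods):
    """Name of the method whose state is 'Authc Success', or None."""
    return next((n for n, s in methods if s.lower() == "authc success"), None)

def fell_back_to_webauth(fields, methods):
    """True when the session is authorized, webauth succeeded, and every
    other listed method shows 'Failed over' (the case shown on this page)."""
    others = [s for n, s in methods if n != "webauth"]
    return (fields.get("Status") == "Authz Success"
            and auth_method(methods) == "webauth"
            and all(s.lower() == "failed over" for s in others))
```
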
Cisco IOS Release 12.2(46)SG or earlier
Switch(config)# ip admission name rule1 proxy http
Switch(config)# fallback profile fallback1
Switch(config-fallback-profile)# ip access-group default-policy in
Switch(config-fallback-profile)# ip admission rule1
Switch(config-fallback-profile)# exit
Switch(config)# interface gigabit5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication order dot1x mab webauth
Switch(config-if)# dot1x mac-auth-bypass eap
Switch(config-if)# dot1x fallback fallback1
Switch(config-if)# exit
Switch(config)# ip device tracking
Switch(config)# exit
Enabling Periodic Reauthentication
You can enable periodic 802.1X client reauthentication and specify how often it occurs. If you do not specify a time value before enabling reauthentication, the interval between reauthentication attempts is 3600 seconds.
Automatic 802.1X client reauthentication is a per-interface setting and can be set for clients connected to individual ports. To manually reauthenticate the client connected to a specific port, see the “Changing the Quiet Period” section on page 49-84.