User Guide
567
Configuring 802.1x
802.1x Configuration
Switch#configure
Switch(config)#dot1x system-auth-control
Switch(config)#dot1x auth-protocol
pap
Switch(config)#show dot1x global
802.1X State: Enabled
Authentication Protocol: PAP
Handshake State: Enabled
802.1X Accounting State: Disabled
802.1X VLAN Assignment State: Disabled
Switch(config)#end
Switch#copy running-config startup-config
2.2.3 Configuring 802.1x on Ports
Follow these steps to configure the port:
Step 1
configure
Enter global configuration mode.
Step 2
interface {fastEthernet
port
| range fastEthernet
port-list
| gigabitEthernet
port
| range
gigabitEthernet
port-list
| ten-gigabitEthernet
port
| range ten-gigabitEthernet
port-list
}
Enter interface configuration mode.
port:
Enter the ID of the port to be configured.
Step 3
dot1x
Enable 802.1x authentication for the port.
Step 4
dot1x mab
Enable the MAB (MAC-Based Authentication Bypass) feature for the port.
With MAB feature enabled, the switch automatically sends the authentication server
a RADIUS access request frame with the client’s MAC address as the username and
password. It is also necessary to configure the RADIUS server with the client’s information
for authentication. You can enable this feature on IEEE 802.1x ports connected to devices
without 802.1x capability. For example, most printers, IP phones and fax machines do not
have 802.1x capability.
Note:
MAB cannot work if Guest VLAN is enabled.
Downloaded from