186 Cisco LAN Switching Configuration Handbook
Configuration
To configure 802.1X port authentication, use the following steps.
1. The 802.1X authentication is enabled automatically.
2. Specify the RADIUS server and key:
(global) radius-server host address key string
Because the 802.1X process relies on a RADIUS server, you must configure the
switch with the address of the RADIUS server and the key used on the server.
3. Create an authentication, authorization, accounting (AAA) model:
(global) aaa new-model
(global) aaa authentication dot1x default group radius
You enable 802.1X authentication by creating an AAA model using the commands
listed.
4. Enable 802.1X on the port:
(interface) dot1x port-control {auto | force-authorized | force-unauthorized}
After completing the previous steps, you can configure a port for 802.1X
authorization. When a port is configured for 802.1X authentication, it does not
pass user traffic until a RADIUS server sends authorization for the port.
Feature Example
The following example shows the configuration for Ethernet port 3/6 to provide 802.1X
authentication for a client using the RADIUS server 10.1.1.1 with a key string of
funhouse:
Switch(config)# radius-server host 10.1.1.1 key funhouse
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# interface fastethernet 3/6
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch# copy running-config startup-config
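The following Python check is an added example, not part of the handbook. It reads a saved running-config, confirms the global commands from steps 2 and 3, and reports the dot1x port-control mode of each interface. The sample config, ports 3/7 and 3/8, and the function names are constructed for illustration; a port with no port-control line is treated as force-authorized, the IOS default.

```python
import re

# Constructed running-config excerpt (not from the book). Port 3/6 mirrors the
# feature example; ports 3/7 and 3/8 are hypothetical, added for contrast.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
radius-server host 10.1.1.1 key funhouse
!
interface FastEthernet3/6
 dot1x port-control auto
!
interface FastEthernet3/7
 dot1x port-control force-authorized
!
interface FastEthernet3/8
 switchport mode access
!
"""

# Global commands from steps 2 and 3 of the procedure.
GLOBAL_REQUIRED = {
    "radius-server host": re.compile(r"^radius-server host \S+ key \S+", re.M),
    "aaa new-model": re.compile(r"^aaa new-model\s*$", re.M),
    "aaa authentication dot1x": re.compile(
        r"^aaa authentication dot1x default group radius\s*$", re.M),
}
PORT_CONTROL = re.compile(
    r"^\s+dot1x port-control (auto|force-authorized|force-unauthorized)\s*$")

def audit_dot1x(config):
    """Return (missing global commands, {interface: port-control mode or None})."""
    missing = [n for n, rx in GLOBAL_REQUIRED.items() if not rx.search(config)]
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (.+?)\s*$", line)
        if m:                                   # start of an interface block
            current = m.group(1)
            ports[current] = None
        elif current and line.startswith(" "):  # indented line inside the block
            m = PORT_CONTROL.match(line)
            if m:
                ports[current] = m.group(1)
        else:                                   # "!" or a global line ends the block
            current = None
    return missing, ports

def ports_without_dot1x(ports):
    """Ports that pass traffic with no RADIUS decision (mode absent or force-authorized)."""
    return sorted(p for p, mode in ports.items() if mode in (None, "force-authorized"))
```

On the sample, only FastEthernet3/6 waits for RADIUS authorization; 3/7 and 3/8 are reported as passing traffic without it.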
11.9: Layer 2 Security
Networking devices have different security requirements; switches are susceptible
to network attacks in different ways. These attacks include the following, along with
solutions to mitigate these types of attacks: