Configuration - Cisco Catalyst 2000 Configuration Handbook

Catalyst series lan switching

186 Cisco LAN Switching Configuration Handbook

Configuration

To configure 802.1X port authentication, use the following steps.
The 802.1X authentication is enabled automatically.
1. Specify the RADIUS server and key:
(global) radius-server host address key string
Because the 802.1X process relies on a RADIUS server, you must configure the
switch with the address of the RADIUS server and the key used on the server.

2. Create an authentication, authorization, accounting (AAA) model:
(global) aaa new-model
(global) aaa authentication dot1x default group radius
You will enable 802.1X authentication by creating an AAA model using the
commands listed.

3. Enable 802.1X on the port:
(interface) dot1x port-control {auto | force-authorized | force-unauthorized}
After completing the previous steps, you can configure a port for 802.1X
authorization. When a port is configured for 802.1X authentication, it does not
pass user traffic until a RADIUS server sends authorization for the port.

Feature Example
The following example shows the configuration for Ethernet port 3/6 to provide 802.1X
authentication for a client using the RADIUS server 10.1.1.1 with a key string of
funhouse:
Switch(config)# radius-server host 10.1.1.1 key funhouse
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# interface fastethernet 3/6
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch# copy running-config startup-config
11.9: Layer 2 Security
There are different security requirements for networking devices; switches are susceptible
to network attacks in different ways. These attacks include the following along with
solutions to mitigate these types of attacks:
