Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

10-65

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

This example shows how to configure a switch as a supplicant:

Switch# configure terminal

Switch(config)# cisp enable

Switch(config)# dot1x credentials test

Switch(config)# username suppswitch

Switch(config)#

password

myswitch

Switch(config)# dot1x supplicant force-multicast

Switch(config)# interface gigabitethernet1/0/1

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# switchport mode trunk

Switch(config-if)# dot1x pae supplicant

Switch(config-if)# dot1x credentials test

Switch(config-if)# end

Configuring NEAT with Auto Smartports Macros

You can also use an Auto Smartports user-defined macro instead of the switch VSA to configure the

authenticator switch. For information, see the Auto Smartports Configuration Guide.

Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs

In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more

information, see the Cisco Secure ACS configuration guides.

Note You must configure a downloadable ACL on the ACS before downloading it to the switch.

After authentication on the port, you can use the show ip access-list privileged EXEC command to

display the downloaded ACLs on the port.

Step 5

password password Create a password for the new username.

Step 6

dot1x supplicant force-multicast Force the switch to send only multicast EAPOL packets when it receives

either unicast or multicast packets.

This also allows NEAT to work on the supplicant switch in all host

modes.

Step 7

interface interface-id Specify the port to be configured, and enter interface configuration

mode.

Step 8

switchport trunk encapsulation

dot1q

Set the port to trunk mode.

Step 9

switchport mode trunk Configure the interface as a VLAN trunk port.

Step 10

dot1x pae supplicant Configure the interface as a port access entity (PAE) supplicant.

Step 11

dot1x credentials profile-name Attach the 802.1x credentials profile to the interface.

Step 12

end Return to privileged EXEC mode.

Step 13

show running-config interface

interface-id

Verify your configuration.

Step 14

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

previous next