Cisco Systems 2960 Model Vehicle User Manual


  Open as PDF
of 1004
 
10-65
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
This example shows how to configure a switch as a supplicant:
Switch# configure terminal
Switch(config)# cisp enable
Switch(config)# dot1x credentials test
Switch(config)# username suppswitch
Switch(config)#
password
myswitch
Switch(config)# dot1x supplicant force-multicast
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# dot1x pae supplicant
Switch(config-if)# dot1x credentials test
Switch(config-if)# end
Configuring NEAT with Auto Smartports Macros
You can also use an Auto Smartports user-defined macro instead of the switch VSA to configure the
authenticator switch. For information, see the Auto Smartports Configuration Guide.
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more
information, see the Cisco Secure ACS configuration guides.
Note You must configure a downloadable ACL on the ACS before downloading it to the switch.
After authentication on the port, you can use the show ip access-list privileged EXEC command to
display the downloaded ACLs on the port.
Step 5
password password Create a password for the new username.
Step 6
dot1x supplicant force-multicast Force the switch to send only multicast EAPOL packets when it receives
either unicast or multicast packets.
This also allows NEAT to work on the supplicant switch in all host
modes.
Step 7
interface interface-id Specify the port to be configured, and enter interface configuration
mode.
Step 8
switchport trunk encapsulation
dot1q
Set the port to trunk mode.
Step 9
switchport mode trunk Configure the interface as a VLAN trunk port.
Step 10
dot1x pae supplicant Configure the interface as a port access entity (PAE) supplicant.
Step 11
dot1x credentials profile-name Attach the 802.1x credentials profile to the interface.
Step 12
end Return to privileged EXEC mode.
Step 13
show running-config interface
interface-id
Verify your configuration.
Step 14
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose