Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

10-68

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

Configuring VLAN ID-based MAC Authentication

Beginning in privileged EXEC mode, follow these steps:

There is no show command to confirm the status of VLAN ID-based MAC authentication. You can use

the debug radius accounting privileged EXEC command to confirm the RADIUS attribute 32. For more

information about this command, see the Cisco IOS Debug Command Reference, Release 12.2:

http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_q1.html#wp1123741

This example shows how to globally enable VLAN ID-based MAC authentication on a switch:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# mab request format attribute 32 vlan access-vlan

Switch(config-if)# exit

Configuring Flexible Authentication Ordering

Beginning in privileged EXEC mode, follow these steps:

This example shows how to configure a port attempt 802.1x authentication first, followed by web

authentication as fallback method:

Switch# configure terminal

Switch(config)# interface gigabitethernet2/0/1

Switch(config)# interface gigabitethernet0/1

Switch(config)# authentication order dot1x webauth

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

mab request format attribute 32 vlan access-vlan Enable VLAN ID-based MAC authentication.

Step 3

copy running-config startup-config (Optional) Save your entries in the configuration

file.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Specify the port to be configured, and enter interface

configuration mode.

Step 3

authentication order [dot1x | mab] |

{webauth}

(Optional) Set the order of authentication methods used on a port.

Step 4

authentication priority [dot1x | mab] |

{webauth}

(Optional) Add an authentication method to the port-priority list.

Step 5

show authentication (Optional) Verify your entries.

Step 6

copy running-config startup-config (Optional) Save your entries in the configuration file.

previous next