802.1x

The following section is used to capture wired user authentication information. This information is used by Cisco Spaces apps such as Right Now, where dot1x has been configured.

How to enable 802.1x port-based authentication on the switch?

There are several ways to configure 802.1x port-based authentication on a switch. This task shows you one of the ways to enable 802.1x.

Procedure


Step 1

aaa new-model

This command enables AAA.

Step 2

aaa authentication dot1x default group radius

This command creates a series of authentication methods to determine user privilege. If the user has the necessary privilege, the device can communicate with the AAA server.

Step 3

dot1x system-auth-control

This command globally enables 802.1X port-based authentication.

Example:

Switch# configure terminal
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# dot1x system-auth-control
Switch(config)# end

How to enable 802.1x port-based authentication on the switch interface?

This task shows you how to enable 802.1x port-based authentication on the switch interface.

Procedure


Step 1

authentication port-control auto

This command enables port authentication.

Step 2

dot1x pae authenticator

This command enables 802.1x port authentication.

Example:

Switch# configure terminal
Switch(config)# interface <interface-id>
Switch(config-if)# authentication port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# end

How to configure the switch for RADIUS-server communication?

This task shows you how to configure a switch for RADIUS-server communication.

Procedure


Step 1

radius server RADIUS

This command configures the RADIUS server.

Step 2

address ipv4 radius-ip auth-port 1645 acct-port 1646

This command configures the server IP address and port.

Step 3

key <key>

This command configures the RADIUS key.

Example:

Switch# configure terminal
Switch(config)# radius server RADIUS
Switch(config-radius-server)# address ipv4 <radius-ip> auth-port 1645 acct-port 1646
Switch(config-radius-server)# key <key>
Switch(config)# end
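
To confirm that all three procedures above were applied, the following added example (not Cisco's code) audits a saved running-config for the commands this page configures. It assumes the saved config shows those commands in the same form as they were entered; the names `parse_blocks` and `audit`, the sample config and its address are constructed for illustration.

```python
GLOBAL_REQUIRED = ["aaa new-model", "aaa authentication dot1x default group radius",
                   "dot1x system-auth-control"]
PORT_REQUIRED = ["authentication port-control auto", "dot1x pae authenticator"]
SERVER_REQUIRED = ["address ipv4 ", "key "]  # line prefixes inside "radius server"

def parse_blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, current = {"": []}, ""
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace():
            blocks[current].append(raw.strip())
        else:
            current = raw.rstrip()
            blocks.setdefault(current, [])
    return blocks

def audit(config, ports):
    """Return findings for missing 802.1x commands (assumed to appear in the
    config exactly as this page enters them); an empty list means all present."""
    blocks = parse_blocks(config)
    findings = [f"global: missing '{c}'" for c in GLOBAL_REQUIRED if c not in blocks]
    for port in ports:
        children = blocks.get(f"interface {port}")
        if children is None:
            findings.append(f"{port}: interface not found")
            continue
        findings += [f"{port}: missing '{c}'" for c in PORT_REQUIRED if c not in children]
    servers = [b for b in blocks if b.startswith("radius server ")]
    if not servers:
        findings.append("global: no 'radius server' block")
    for name in servers:
        findings += [f"{name}: missing '{p.strip()}'" for p in SERVER_REQUIRED
                     if not any(k.startswith(p) for k in blocks[name])]
    return findings

# Constructed sample config; 192.0.2.10 is a documentation address.
SAMPLE = """\
aaa new-model
aaa authentication dot1x default group radius
interface GigabitEthernet1/0/1
 authentication port-control auto
 dot1x pae authenticator
interface GigabitEthernet1/0/2
 switchport mode access
radius server RADIUS
 address ipv4 192.0.2.10 auth-port 1645 acct-port 1646
"""
print("\n".join(audit(SAMPLE, ["GigabitEthernet1/0/1", "GigabitEthernet1/0/2"])))
```

On the sample, the audit reports that global 802.1X is not enabled, that GigabitEthernet1/0/2 is an unauthenticated port, and that the RADIUS server block has no key.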

How to view the current 802.1x status for a switch interface?

The following command displays the details of a switch interface.

Procedure


show dot1x interface interface-id

Switch# show dot1x interface GigabitEthernet 1/0/1 details
 
Dot1x Info for GigabitEthernet1/0/1
--------------------------------------------
PAE                       = AUTHENTICATOR
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
 
Dot1x Authenticator Client List
-------------------------------
 
EAP Method                = PEAP
Supplicant                = f076.1cc7.8386
Session ID                = 000000000000000BA3185562
    Auth SM State         = AUTHENTICATED
    Auth BEND SM State    = IDLE