Thursday, July 5, 2012

802.1X Configuration


  • 802.1X switch configuration resembles the AAA configuration.
  • The switch configuration treats 802.1X user authentication as another option for AAA authentication.
  • Configuration Steps:
    • As with other AAA authentication methods, enable AAA with the global command
      • aaa new-model
    • As with other configurations using RADIUS servers, define the RADIUS servers' IP addresses and encryption keys using the commands
      • radius-server host 
      • radius-server key
    • Similar to login authentication configuration, define the 802.1X authentication method (RADIUS only) using the global commands
      • aaa authentication dot1x default
      • for multiple groups: aaa authentication dot1x group name
    • Enable 802.1X globally using the global command
      • dot1x system auth-control 
    • Set each interface to use one of three operational settings using the command
      • dot1x port-control { auto | force-authorized | force-unauthorized }
        • auto: using 802.1X
        • force-authorized (default): not using 802.1X, but the interface is automatically authorized
        • force-unauthorized: not using 802.1X, but the interface is automatically unauthorized
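
The steps above can be checked against a saved running-config. The following Python sketch is an added example, not part of the original post: it reports which global steps are missing and which interfaces are still force-authorized, including those left at the default. The sample config, its address, key and interface names are constructed, and "group radius" is an assumed method list.

```python
import re

# Constructed sample running-config; address, key, interface names and the
# "group radius" method list are assumptions, not values from the page.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10
radius-server key EXAMPLE-KEY
dot1x system auth-control
interface FastEthernet0/1
 dot1x port-control auto
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 dot1x port-control force-unauthorized
!
"""

# Global commands from the configuration steps on this page.
REQUIRED_GLOBALS = {
    "aaa new-model": r"^aaa new-model\s*$",
    "radius-server host": r"^radius-server host \S+",
    "radius-server key": r"^radius-server key \S+",
    "aaa authentication dot1x": r"^aaa authentication dot1x \S+",
    "dot1x system auth-control": r"^dot1x system auth-control\s*$",
}
PORT_CONTROL = re.compile(r"^\s+dot1x port-control (auto|force-authorized|force-unauthorized)\s*$")

def missing_globals(config):
    """Return the global AAA/802.1X steps that are absent from the config."""
    return [n for n, pat in REQUIRED_GLOBALS.items() if not re.search(pat, config, re.M)]

def port_control_modes(config):
    """Map interface -> mode; no port-control line means the default, force-authorized."""
    modes, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            modes[current] = "force-authorized"  # default until overridden
        elif not line.startswith(" "):
            current = None  # back at global configuration level
        elif current and (m := PORT_CONTROL.match(line)):
            modes[current] = m.group(1)
    return modes

def unauthenticated_ports(config):
    """Interfaces that pass traffic without 802.1X authentication."""
    return sorted(i for i, m in port_control_modes(config).items() if m == "force-authorized")
```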