Configuring IEEE 802.1x on an authenticator switch port consists of:
The following procedure describes how to configure IEEE 802.1x on an authenticator switch port. Unspecified parameters use their default values.
Step | Task | Command(s) |
---|---|---|
1 | Set the IEEE 802.1x authentication mode both globally and per port:
|
set dot1x auth-config authcontrolled-portcontrol {auto | forced-auth | forced-unauth} |
Note: Before enabling 802.1x authentication on the switch, you must set the authentication mode of ports that will not be participating in 802.1x authentication to forced-authorized to assure that frames will be forwarded on these ports. Examples of this kind of port are connections between switches and connections between a switch and a router.
See the S-, K-, and 7100 Series CLI Reference Guide for a listing of parameter options that come with this command. |
||
2 | Display the access entity index values. Ports used to authenticate and authorize supplicants utilize access entities that maintain entity state, counters, and statistics for an individual supplicant. You need to know the index value associated with a single entity to enable, disable, initialize, or reauthenticate a single entity. | show dot1x auth-session-stats |
3 | Enable IEEE 802.1x globally on the switch. Ports default to enabled. | set dot1x {enable | disable} [port-string] [index index-list] |
4 | If an entity deactivates due to the supplicant logging off, inability to authenticate, or the supplicant or associated policy settings are no longer valid, you can reinitialize a deactivated access entity. If necessary, reinitialize the specified entity. | set dot1x init [index index-list] |
5 | If the authentication for a supplicant times out or is lost for any reason, you can reauthenticate that supplicant. If necessary, reauthenticate the specified entity. | set dot1x reauth [index index-list] |
6 | Optionally, globally disable 802.1x agent accounting. | set dot1x accounting {enable | disable} |
7 | Display IEEE 802.1x configuration. | show dot1x auth-config |