Configuring the Engineering Group 802.1x End-User Stations

There are three aspects to configuring 802.1x for the engineering group:

  • Configure EAP on each end-user station
  • Set up an account in RADIUS on the authentication server for each end-user station
  • Configure the quarantine agent, 802.1x, and the auto-tracking agent on the switch

Configuring EAP on the end-user station depends on your operating system, and setting up the RADIUS account for each station depends on the RADIUS application being used. Both configurations should be in place before you move on to the 802.1x configuration on the switch. In an 802.1x configuration, policy is specified in the RADIUS account configuration on the authentication server using the RADIUS Filter-ID. See "The RADIUS Filter-ID" for RADIUS Filter-ID information. If a RADIUS Filter-ID exists for the user account, the RADIUS protocol returns it in the RADIUS Accept message and the firmware applies the policy to the user.

Note

Globally enabling 802.1x on a switch sets the port-control type to auto for all ports. Be sure to set port-control to forced-auth on all ports that will not authenticate using 802.1x and have no other authentication method configured. Otherwise, these ports will fail authentication and traffic will be blocked.

The following CLI input:

  • Enables 802.1x on the switch
  • Sets port-control to forced-auth for all connections between switches and routers, because they do not use authentication and would be blocked if not set to forced-auth
  • Enables the quarantine agent on ports ge.1.5, ge.1.19, and ge.1.24
  • Enables the auto-tracking agent on the switch and ports ge.1.5, ge.1.19, and ge.1.24

    System(rw)->set dot1x enable
    System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.5
    System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.19
    System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.24
    System(rw)->set quarantine-agent port enable ge.1.5
    System(rw)->set quarantine-agent port enable ge.1.19
    System(rw)->set quarantine-agent port enable ge.1.24
    System(rw)->set auto-tracking enable
    System(rw)->set auto-tracking port enable ge.1.5
    System(rw)->set auto-tracking port enable ge.1.19
    System(rw)->set auto-tracking port enable ge.1.24

This completes the 802.1x end-user stations configuration.
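
An added example, not part of the original documentation: a Python check that applies the Note above to a saved list of switch commands and reports ports with no 802.1x supplicant that would be left at port-control auto. The port inventory, the port ge.3.1, and the function names are assumptions constructed for the illustration.

```python
import re

# Constructed sample: the dot1x commands shown on this page.
SAMPLE_CONFIG = """\
System(rw)->set dot1x enable
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.5
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.19
System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.2.24
"""

# Assumption: the administrator's own inventory of ports that have no 802.1x
# supplicant and no other authentication method. ge.3.1 is a constructed port
# that the sample commands never mention.
NON_AUTH_PORTS = {"ge.1.5", "ge.1.19", "ge.2.24", "ge.3.1"}

PROMPT = re.compile(r"^\S+\(\w+\)->\s*")  # strips a leading "System(rw)->"
PORTCONTROL = re.compile(
    r"^set dot1x auth-config authcontrolled-portcontrol (\S+) (\S+)$")


def parse_dot1x(config_text):
    """Return (globally_enabled, {port: port-control mode}) from CLI lines."""
    enabled, modes = False, {}
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line == "set dot1x enable":
            enabled = True
        match = PORTCONTROL.match(line)
        if match:
            # Port strings are compared literally; ranges are not expanded.
            modes[match.group(2)] = match.group(1)
    return enabled, modes


def ports_that_will_block(config_text, non_auth_ports):
    """List non-authenticating ports that are not set to forced-auth."""
    enabled, modes = parse_dot1x(config_text)
    if not enabled:
        # The Note's failure case only arises once dot1x is globally enabled.
        return []
    # A port with no explicit setting is at auto after the global enable.
    return sorted(p for p in non_auth_ports
                  if modes.get(p, "auto") != "forced-auth")


if __name__ == "__main__":
    for port in ports_that_will_block(SAMPLE_CONFIG, NON_AUTH_PORTS):
        print(f"{port}: port-control is not forced-auth; traffic will be blocked")
```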