Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 25 Configuring IEEE 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
These sections describe how to configure 802.1X port-based authentication:
• Enabling 802.1X Port-Based Authentication
• Configuring Switch-to-RADIUS-Server Communication
• Enabling Periodic Reauthentication
• Manually Reauthenticating the Client Connected to a Port
• Initializing Authentication for the Client Connected to a Port
• Changing the Quiet Period
• Changing the Switch-to-Client Retransmission Time
• Setting the Switch-to-Client Frame Retransmission Number
• Enabling Multiple Hosts
• Resetting the 802.1X Configuration to the Default Values
Enabling 802.1X Port-Based Authentication
To enable 802.1X port-based authentication, you must enable AAA and specify the authentication
method list. A method list describes the sequence and authentication methods to be queried to
authenticate a user.
The software uses the first method listed to authenticate users; if that method fails to respond, the
software selects the next authentication method in the method list. This process continues until there is
successful communication with a listed authentication method or until all defined methods are
exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other
authentication methods are attempted.
To configure 802.1X port-based authentication, perform this task:
        Command                                                                  Purpose
Step 1  Router(config)# aaa new-model                                            Enables AAA.
        Router(config)# no aaa new-model                                         Disables AAA.
Step 2  Router(config)# aaa authentication dot1x {default} method1 [method2...]  Creates an 802.1X port-based authentication method list.
        Router(config)# no aaa authentication dot1x {default | list_name}        Clears the configured method list.
Step 3  Router(config)# dot1x system-auth-control                                Globally enables 802.1X port-based authentication.
        Router(config)# no dot1x system-auth-control                             Globally disables 802.1X port-based authentication.
Step 4  Router(config)# interface type¹ slot/port                                Enters interface configuration mode and specifies the interface to be enabled for 802.1X port-based authentication.
Step 5  Router(config-if)# dot1x port-control auto                               Enables 802.1X port-based authentication on the interface.
        Router(config-if)# no dot1x port-control auto                            Disables 802.1X port-based authentication on the interface.
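The following is an added example, not part of the Cisco guide: a small Python audit that checks a saved configuration for the commands from Steps 1 through 5 and lists the ports that lack the complete setup. The sample configuration is constructed, and the `group radius` method and the interface names in it are assumed values.

```python
import re

# Constructed sample running-config (not from the guide); "group radius" and the
# interface names are assumed values. Step 3 is deliberately left out.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
!
interface FastEthernet5/1
 dot1x port-control auto
!
interface FastEthernet5/2
 switchport
!
interface FastEthernet5/3
 no dot1x port-control auto
"""

def audit_dot1x(config):
    """Check a config against Steps 1-5; return (global_findings, ports)."""
    stripped = [ln.strip() for ln in config.splitlines()]
    findings = []
    # Steps 1-3 are global commands; "no ..." forms never match these checks.
    if "aaa new-model" not in stripped:
        findings.append("Step 1 missing: aaa new-model")
    if not any(re.match(r"aaa authentication dot1x \S+ \S+", ln) for ln in stripped):
        findings.append("Step 2 missing: aaa authentication dot1x method list")
    if "dot1x system-auth-control" not in stripped:
        findings.append("Step 3 missing: dot1x system-auth-control")
    # Steps 4-5 are per interface: indented lines belong to the current stanza.
    ports, current = {}, None
    for ln in config.splitlines():
        m = re.match(r"interface (.+)", ln)
        if m:
            current = m.group(1).strip()
            ports[current] = False
        elif not ln.startswith(" "):
            current = None  # left the interface stanza
        elif current and ln.strip() == "dot1x port-control auto":
            ports[current] = True
    return findings, ports

def unprotected_ports(config):
    """Ports without the full Step 1-5 setup (Step 5 absent or a global step missing)."""
    findings, ports = audit_dot1x(config)
    return sorted(p for p, auto in ports.items() if findings or not auto)

if __name__ == "__main__":
    print(audit_dot1x(SAMPLE_CONFIG)[0], unprotected_ports(SAMPLE_CONFIG))
```

On the sample, the missing global `dot1x system-auth-control` causes every port to be reported, including the one that has `dot1x port-control auto`.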