A SERVICE OF

logo

Open as PDF
next previous
10-2
Configuring Port-Based and User-Based Access Control (802.1X)
Contents
3. Configure the 802.1X Authentication Method . . . . . . . . . . . . . . . . 10-24
4. Enter the RADIUS Host IP Address(es) . . . . . . . . . . . . . . . . . . . . . 10-25
5. Enable 802.1X Authentication on the Switch . . . . . . . . . . . . . . . . 10-25
6. Optional: Reset Authenticator Operation . . . . . . . . . . . . . . . . . . . . 10-26
7. Optional: Configure 802.1X Controlled Directions . . . . . . . . . . . . 10-26
Wake-on-LAN Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27
Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27
Example: Configuring 802.1X Controlled Directions . . . . . . . . 10-28
802.1X Open VLAN Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-29
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-29
VLAN Membership Priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-30
Use Models for 802.1X Open VLAN Modes . . . . . . . . . . . . . . . . . . . . 10-31
Operating Rules for Authorized-Client and
Unauthorized-Client VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-36
Setting Up and Configuring 802.1X Open VLAN Mode . . . . . . . . . . . 10-40
802.1X Open VLAN Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . 10-44
Option For Authenticator Ports: Configure Port-Security
To Allow Only 802.1X-Authenticated Devices . . . . . . . . . . . . . . . . . 10-45
Port-Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-46
Configuring Switch Ports To Operate As Supplicants for 802.1X
Connections to Other Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-47
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-47
Supplicant Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-49
Displaying 802.1X Configuration, Statistics, and Counters . . . . 10-51
Show Commands for Port-Access Authenticator . . . . . . . . . . . . . . . 10-51
Viewing 802.1X Open VLAN Mode Status . . . . . . . . . . . . . . . . . . . . . 10-61
Show Commands for Port-Access Supplicant . . . . . . . . . . . . . . . . . . 10-65
How RADIUS/802.1X Authentication Affects VLAN Operation . 10-66
VLAN Assignment on a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-67
Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-67
Example of Untagged VLAN Assignment in a RADIUS-Based
Authentication Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-69
Enabling the Use of GVRP-Learned Dynamic VLANs
in Authentication Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-72
Messages Related to 802.1X Operation . . . . . . . . . . . . . . . . . . . . . . . 10-74