Enabling 802.1X Authentication on Switch
As many of you already know, 802.1X port-based authentication is a client-server
access control and authentication protocol that prevents unauthorized clients
from connecting to a LAN through publicly accessible ports. An authentication
server authenticates each supplicant (client) connected to an authenticator
(network access switch) port before any services offered by the switch or the
LAN are made available.
802.1X support requires an authentication server that is provisioned
for Remote Authentication Dial-In User Service (RADIUS). 802.1X authentication
does not work if the network access switch cannot route packets to the configured
RADIUS authentication server. To verify that the switch can route packets, you
must ping the server from the switch.
Fig 1.1- 802.1x Authentication on Switch
Enabling 802.1X Authentication
To enable 802.1X port-based authentication, you first
must enable 802.1X globally on your Switch, then enable AAA and specify the
authentication method list. A method list describes the sequence and
authentication methods that must be queried to authenticate a user.
To disable 802.1X authentication, use the dot1x
port-control force-authorized or the no dot1x port-control interface
configuration command.
The basic example below shows how to enable AAA and 802.1X on Fast Ethernet port 1/1:
RouteXP_Switch# configure terminal
RouteXP_Switch(config)# dot1x system-auth-control
RouteXP_Switch(config)# aaa new-model
RouteXP_Switch(config)# aaa authentication dot1x default group radius
RouteXP_Switch(config)# interface fastethernet1/1
RouteXP_Switch(config-if)# dot1x port-control auto
RouteXP_Switch(config-if)# end
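To check that a switch actually ends up in the state configured above, the following added example (not part of the original article) audits a saved running-config for the three global commands and reports the dot1x port-control state of each interface. The sample config, the function names and the "unset" label are assumptions made for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet1/1
 dot1x port-control auto
!
interface FastEthernet1/2
 dot1x port-control force-authorized
!
interface FastEthernet1/3
 switchport mode access
"""

# Global commands taken from the page's example.
GLOBAL_REQUIRED = ("dot1x system-auth-control", "aaa new-model",
                   "aaa authentication dot1x default group radius")

def audit_dot1x(config_text):
    """Return (missing_global_commands, {interface: port_control_state})."""
    global_lines, ports, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":          # section separator
            current = None
            continue
        if raw[0].isspace():                 # sub-command of the current section
            m = re.match(r"dot1x port-control\s+(\S+)", line)
            if m and current:
                ports[current] = m.group(1)
            continue
        m = re.match(r"interface\s+(\S+)", line, re.I)
        current = m.group(1) if m else None
        if current:
            ports[current] = "unset"         # no dot1x port-control line on this port
        else:
            global_lines.add(" ".join(line.split()).lower())
    missing = [c for c in GLOBAL_REQUIRED if c not in global_lines]
    return missing, ports

def ports_not_auto(config_text):
    """Interfaces whose state is anything other than 'auto' (802.1X not enforced as configured above)."""
    return sorted(p for p, s in audit_dot1x(config_text)[1].items() if s != "auto")
```

Ports reported by ports_not_auto are the ones to review: force-authorized and a missing dot1x port-control line both correspond to the "disabled" cases the article describes.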