Cisco Systems 2955 Manual

A SERVICE OF

next previous

9-12

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide

OL-10101-02

Chapter 9 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

• Set the action to be taken when the switch tries to re-authenticate the client by using the

Termination-Action RADIUS attribute (Attribute[29]). If the value is DEFAULT or is not set, the

session ends. If the value is RADIUS-Request, the re-authentication process starts.

• View the NAC posture token, which shows the posture of the client, by using the show dot1x

privileged EXEC command.

• Configure secondary private VLANs as guest VLANs.

Configuring NAC Layer 2 IEEE 802.1x validation is similar to configuring IEEE 802.1x port-based

authentication except that you must configure a posture token on the RADIUS server. For information

about configuring NAC Layer 2 IEEE 802.1x validation, see the

“Configuring NAC Layer 2 IEEE 802.1x

Validation” section on page 9-27 and the “Enabling Periodic Re-Authentication” section on page 9-19.

For more information about NAC, see the Network Admission Control Software Configuration Guide.

Configuring IEEE 802.1x Authentication

These sections describe how to configure IEEE 802.1x port-based authentication on your switch:

• Default IEEE 802.1x Authentication Configuration, page 9-12

• IEEE 802.1x Authentication Configuration Guidelines, page 9-13

• Upgrading from a Previous Software Release, page 9-15

• Configuring IEEE 802.1x Authentication, page 9-15 (required)

• Configuring the Switch-to-RADIUS-Server Communication, page 9-17 (required)

• Configuring the Host Mode, page 9-18 (optional)

• Enabling Periodic Re-Authentication, page 9-19 (optional)

• Manually Re-Authenticating a Client Connected to a Port, page 9-19 (optional)

• Changing the Quiet Period, page 9-20 (optional)

• Changing the Switch-to-Client Retransmission Time, page 9-20 (optional)

• Setting the Switch-to-Client Frame-Retransmission Number, page 9-21 (optional)

• Configuring IEEE 802.1x Accounting, page 9-22 (optional)

• Configuring a Guest VLAN, page 9-23 (optional)

• Configuring a Restricted VLAN, page 9-24 (optional)

• Configuring IEEE 802.1x Authentication with WoL, page 9-26

• Configuring NAC Layer 2 IEEE 802.1x Validation, page 9-27

• Resetting the IEEE 802.1x Configuration to the Default Values, page 9-28 (optional)

Default IEEE 802.1x Authentication Configuration

Table 9-2 shows the default IEEE 802.1x authentication configuration.