Cisco Systems 3130 User Manual
9-36
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
To disable and remove the restricted VLAN, use the no dot1x auth-fail vlan interface configuration
command. The port returns to the unauthorized state.
command. The port returns to the unauthorized state.
This example shows how to enable VLAN 2 as an IEEE 802.1x restricted VLAN:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# dot1x auth-fail vlan 2
You can configure the maximum number of authentication attempts allowed before a user is assigned to
the restricted VLAN by using the dot1x auth-fail max-attempts interface configuration command. The
range of allowable authentication attempts is 1 to 3. The default is 3 attempts.
the restricted VLAN by using the dot1x auth-fail max-attempts interface configuration command. The
range of allowable authentication attempts is 1 to 3. The default is 3 attempts.
Beginning in privileged EXEC mode, follow these steps to configure the maximum number of allowed
authentication attempts. This procedure is optional.
authentication attempts. This procedure is optional.
Step 4
dot1x port-control auto
Enable IEEE 802.1x authentication on the port.
Step 5
dot1x auth-fail vlan vlan-id
Specify an active VLAN as an IEEE 802.1x restricted VLAN. The range
is 1 to 4094.
is 1 to 4094.
You can configure any active VLAN except an internal VLAN (routed
port), an RSPAN VLAN, a primary private VLAN, or a voice VLAN as
an IEEE 802.1x restricted VLAN.
port), an RSPAN VLAN, a primary private VLAN, or a voice VLAN as
an IEEE 802.1x restricted VLAN.
Step 6
end
Return to privileged EXEC mode.
Step 7
show dot1x interface interface-id
(Optional) Verify your entries.
Step 8
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the
For the supported port types, see the
.
Step 3
switchport mode access
or
switchport mode private-vlan host
Set the port to access mode,
or
Configure the Layer 2 port as a private-VLAN host port.
Step 4
dot1x port-control auto
Enable IEEE 802.1x authentication on the port.
Step 5
dot1x auth-fail vlan vlan-id
Specify an active VLAN as an IEEE 802.1x restricted VLAN. The range
is 1 to 4094.
is 1 to 4094.
You can configure any active VLAN except an internal VLAN (routed
port), an RSPAN VLAN or a voice VLAN as an IEEE 802.1x restricted
VLAN.
port), an RSPAN VLAN or a voice VLAN as an IEEE 802.1x restricted
VLAN.
Step 6
dot1x auth-fail max-attempts max
attempts
attempts
Specify a number of authentication attempts to allow before a port moves
to the restricted VLAN. The range is 1 to 3, and the default is 3.
to the restricted VLAN. The range is 1 to 3, and the default is 3.
Step 7
end
Return to privileged EXEC mode.
Step 8
show dot1x interface interface-id
(Optional) Verify your entries.
Step 9
copy running-config startup-config
(Optional) Save your entries in the configuration file.