IBM 12.1(22)EA6 User Manual
6-22
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 6 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
To disable the optional guest VLAN behavior, use the no dot1x guest-vlan supplicant global
configuration command. To remove the guest VLAN, use the no dot1x guest-vlan interface
configuration command. If the port is currently authorized in the guest VLAN, the port returns to the
unauthorized state.
configuration command. To remove the guest VLAN, use the no dot1x guest-vlan interface
configuration command. If the port is currently authorized in the guest VLAN, the port returns to the
unauthorized state.
This example shows how enable the optional guest VLAN behavior and to specify VLAN 5 as an IEEE
802.1x guest VLAN:
802.1x guest VLAN:
Switch(config)# dot1x guest-vlan supplicant
Switch(config)# interface gigabitethernet0/17
Switch(config-if)# dot1x guest-vlan 5
Resetting the IEEE 802.1x Configuration to the Default Values
Beginning in privileged EXEC mode, follow these steps to reset the IEEE 802.1x configuration to the
default values.
default values.
Configuring IEEE 802.1x Authentication
To configure IEEE 802.1x port-based authentication, you must enable AAA and specify the
authentication method list. A method list describes the sequence and authentication methods to be
queried to authenticate a user.
authentication method list. A method list describes the sequence and authentication methods to be
queried to authenticate a user.
The software uses the first method listed to authenticate users. If that method fails to respond, the
software selects the next authentication method in the method list. This process continues until there is
successful communication with a listed authentication method or until all defined methods are
exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other
authentication methods are attempted.
software selects the next authentication method in the method list. This process continues until there is
successful communication with a listed authentication method or until all defined methods are
exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other
authentication methods are attempted.
To allow VLAN assignment, you must enable AAA authorization to configure the switch for all
network-related service requests.
network-related service requests.
Step 8
show dot1x interface interface-id
Verify your entries.
Step 9
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the interface to be configured, and enter interface configuration
mode.
mode.
Step 3
dot1x default
Reset the configurable IEEE 802.1x parameters to the default values.
Step 4
end
Return to privileged EXEC mode.
Step 5
show dot1x interface interface-id
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.