Cisco Systems 3560X Manual De Usuario

11-57

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 11 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

To disable MAC authentication bypass, use the no dot1x mac-auth-bypass interface configuration
command.

This example shows how to enable MAC authentication bypass:

Switch(config-if)# dot1x mac-auth-bypass

Configuring 802.1x User Distribution

Beginning in global configuration, follow these steps to configure a VLAN group and to map a VLAN
to it:

This example shows how to configure the VLAN groups, to map the VLANs to the groups, to and verify
the VLAN group configurations and mapping to the specified VLANs:

switch(config)# vlan group eng-dept vlan-list 10

switch(config)# show vlan group group-name eng-dept

Group Name Vlans Mapped

------------- --------------

eng-dept 10

switch# show dot1x vlan-group all

Group Name Vlans Mapped

------------- --------------

eng-dept 10

hr-dept 20

This example shows how to add a VLAN to an existing VLAN group and to verify that the VLAN was
added:

Step 3

authentication port-control auto

dot1x port-control auto

Enable 802.1x authentication on the port.

Step 4

dot1x mac-auth-bypass

[eap]

Enable MAC authentication bypass.

(Optional) Use the eap keyword to configure the switch to use EAP for
authorization.

Step 5

end

Return to privileged EXEC mode.

Step 6

show authentication interface-id

show dot1x interface interface-id

Verify your entries.

Step 7

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Command

Purpose

Command

Purpose

Step 1

vlan group

vlan-group-name vlan-list vlan-list

Configure a VLAN group, and map a single VLAN or a
range of VLANs to it.

Step 2

show vlan group

all vlan-group-name

Verify the configuration.

Step 3

no vlan group vlan-group-name vlan-list vlan-list

Clear the VLAN group configuration or elements of the
VLAN group configuration.