Cisco Systems EA6500 User Manual

25-8
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 25      Configuring IEEE 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
When you enable 802.1X port-based authentication, note the following syntax information:
  • To create a default list that is used when a named list is not specified in the authentication command, use the default keyword followed by the methods that are to be used in default situations. The default method list is automatically applied to all interfaces.
  • Enter at least one of these keywords:
      – group radius—Use the list of all RADIUS servers for authentication.
      – none—Use no authentication. The client is automatically authenticated by the switch without using the information supplied by the client.
This example shows how to enable AAA and 802.1X on Fast Ethernet port 5/1:
Router# configure terminal
Router(config)# aaa new-model
Router(config)# aaa authentication dot1x default group radius
Router(config)# dot1x system-auth-control 
Router(config)# interface fastethernet 5/1
Router(config-if)# dot1x port-control auto
Router(config-if)# end
This example shows how to verify the configuration:
Router# show dot1x all
Dot1x Info for interface FastEthernet5/1 
---------------------------------------------------- 
AuthSM State      = FORCE UNAUTHORIZED 
BendSM State      = IDLE 
PortStatus        = UNAUTHORIZED 
MaxReq            = 2 
MultiHosts        = Disabled 
Port Control      = Force UnAuthorized 
QuietPeriod       = 60 Seconds 
Re-authentication = Disabled 
ReAuthPeriod      = 3600 Seconds 
ServerTimeout     = 30 Seconds 
SuppTimeout       = 30 Seconds 
TxPeriod          = 30 Seconds 
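The commands above can be checked in a saved configuration before it is deployed. The following Python check is an added example, not part of the Cisco guide: it flags a missing global command, a default method list that contains none or omits group radius, and ports whose port-control value does not enable 802.1X. It assumes running-config style text in which every listed interface is an access port that should enforce 802.1X; the function name audit_dot1x and the sample configuration, including port FastEthernet5/2, are constructed for illustration.

```python
import re

# Constructed sample: the page's example commands plus a hypothetical second
# port (FastEthernet5/2) that was left without a port-control command.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
interface FastEthernet5/1
 dot1x port-control auto
interface FastEthernet5/2
 switchport
"""

def audit_dot1x(config):
    """Return a list of findings for the 802.1X commands covered on this page."""
    findings, top, ports, current = [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"interface\s+(.+)", line, re.I)
        if m:
            current = m.group(1)
            ports[current] = None  # no port-control command seen yet
        elif raw[0].isspace():
            pc = re.match(r"dot1x port-control\s+(\S+)", line)
            if pc and current:
                ports[current] = pc.group(1)
        else:
            current = None  # back at global configuration level
            top.append(line)
    for required in ("aaa new-model", "dot1x system-auth-control"):
        if required not in top:
            findings.append(f"global: '{required}' is missing")
    lists = [l.split()[4:] for l in top if l.startswith("aaa authentication dot1x default")]
    if not lists:
        findings.append("global: no default dot1x method list")
    for methods in lists:
        if "none" in methods:
            findings.append("global: method 'none' authenticates clients without their credentials")
        if "radius" not in methods:
            findings.append("global: default method list does not use 'group radius'")
    for name, mode in ports.items():
        if mode not in ("auto", "force-unauthorized"):
            findings.append(f"{name}: port-control is {mode or 'not set'}, 802.1X not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dot1x(SAMPLE_CONFIG)))
```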
Configuring Switch-to-RADIUS-Server Communication 
RADIUS security servers are identified by any of the following:
  • Host name
  • Host IP address
          Command                    Purpose
Step 6    Router(config)# end        Returns to privileged EXEC mode.
Step 7    Router# show dot1x all     Verifies your entries.
                                     Check the Status column in the 802.1X Port Summary
                                     section of the display. An enabled status means the
                                     port-control value is set either to auto or to
                                     force-unauthorized.

1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet