8-17
Configuring Port-Based and Client-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Configuring Switch Ports as 802.1X
Authenticators
1. Enable 802.1X Authentication on Selected Ports
This task configures the individual ports you want to operate as 802.1X
authenticators for point-to-point links to 802.1X-aware clients or switches,
and consists of two steps:
A. Enable the selected ports as authenticators.
B. Specify either client-based or port-based 802.1X authentication.
(Actual 802.1X operation does not commence until you perform step 5 on page
8-15 to activate 802.1X authentication on the switch.)
Note When you enable 802.1X authentication on a port, the switch automatically
disables LACP on that port. However, if the port is already operating in an
LACP trunk, you must remove the port from the trunk before you can config-
ure it for 802.1X authentication.
802.1X Authentication Commands Page
[no] aaa port-access authenticator < [ethernet] < port-list >8-17
[control | quiet-period | tx-period | client-limit | supplicant-timeout |
server-timeout | logoff-period | max-requests | reauth-period |
auth-vid | unauth-vid | initialize | reauthenticate | clear-statistics]
8-18
aaa authentication port-access 8-23
< local | eap-radius | chap-radius >
[no] aaa port-access authenticator active 8-17
[no] port-security [ethernet] < port-list > learn-mode port-access 8-40
802.1X Open VLAN Mode Commands 8-26
802.1X Supplicant Commands 8-42
802.1X-Related Show Commands 8-47
RADIUS server configuration 8-24
