Configuring ieee 802.1x violation modes, Configuring ieee 802.1x authentication, Configuring ieee – Dell POWEREDGE M1000E User Manual

10-36

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

Configuring IEEE 802.1x Violation Modes

You can configure an IEEE 802.1x port so that it shuts down, generates a syslog error, or discards packets
from a new device when:

•

a device connects to an IEEE 802.1x-enable port

•

the maximum number of allowed about devices have been authenticated on the port

Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on
the switch:

Configuring IEEE 802.1x Authentication

To configure IEEE 802.1x port-based authentication, you must enable authentication, authorization, and
accounting (AAA) and specify the authentication method list. A method list describes the sequence and
authentication method to be queried to authenticate a user.

To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the
switch for all network-related service requests.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

aaa new-model

Enable AAA.

Step 3

aaa authentication dot1x {default}
method1

Create an IEEE 802.1x authentication method list.

To create a default list that is used when a named list is not specified in
the authentication command, use the default keyword followed by the
method that is to be used in default situations. The default method list is
automatically applied to all ports.

For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.

Note

Though other keywords are visible in the command-line help
string, only the group radius keywords are supported.

Step 4

interface interface-id

Specify the port connected to the client that is to be enabled for
IEEE 802.1x authentication, and enter interface configuration mode.

Step 5

switchport mode access

Set the port to access mode.

Step 6

authentication violation shutdown |
restrict | protect}

or

dot1x violation-mode {shutdown |
restrict | protect}

Configure the violation mode. The keywords have these meanings:

•

shutdown–Error disable the port.

•

restrict–Generate a syslog error.

•

protect–Drop packets from any new device that sends traffic to the
port.

Step 7

end

Return to privileged EXEC mode.

Step 8

show authentication

or

show dot1x

Verify your entries.

Step 9

copy running-config startup-config

(Optional) Save your entries in the configuration file.