Configuring 802.1x readiness check – Dell POWEREDGE M1000E User Manual
Page 300
10-38
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-13270-03
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Configuring 802.1x Readiness Check
The 802.1x readiness check monitors IEEE 802.1x activity on all the switch ports and displays
information about the devices connected to the ports that support IEEE 802.1x. You can use this feature
to determine if the devices connected to the switch ports are IEEE 802.1x-capable.
The 802.1x readiness check is allowed on all ports that can be configured for IEEE 802.1x. The readiness
check is not available on a port that is configured as dot1x force-unauthorized.
Follow these guidelines to enable the readiness check on the switch:
•
The readiness check is typically used before IEEE 802.1x is enabled on the switch.
•
If you use the dot1x test eapol-capable privileged EXEC command without specifying an interface,
all the ports on the switch stack are tested.
•
When you configure the dot1x test eapol-capable command on an IEEE 802.1x-enabled port, and
the link comes up, the port queries the connected client about its IEEE 802.1x capability. When the
client responds with a notification packet, it is IEEE 802.1x-capable. A syslog message is generated
if the client responds within the timeout period. If the client does not respond to the query, the client
is not IEEE 802.1x-capable. No syslog message is generated.
•
The readiness check can be sent on a port that handles multiple hosts (for example, a PC that is
connected to an IP phone). A syslog message is generated for each of the clients that respond to the
readiness check within the timer period.
Beginning in privileged EXEC mode, follow these steps to enable the IEEE 802.1x readiness check on
the switch:
Step 10
dot1x port-control auto
Enable IEEE 802.1x authentication on the port.
For feature interaction information, see the
Configuration Guidelines” section on page 10-33
.
Step 11
end
Return to privileged EXEC mode.
Step 12
show dot1x
Verify your entries.
Step 13
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Command
Purpose
Step 1
dot1x test eapol-capable [interface
interface-id]
Enable the 802.1x readiness check on the switch.
(Optional) For interface-id specify the port on which to check for
IEEE 802.1x readiness.
Note
If you omit the optional interface keyword, all interfaces on the
switch are tested.
Step 1
configure terminal
(Optional) Enter global configuration mode.
Step 2
dot1x test timeout timeout
(Optional) Configure the timeout used to wait for EAPOL response. The
range is from 1 to 65535 seconds. The default is 10 seconds.
Step 3
end
(Optional) Return to privileged EXEC mode.
Step 4
show running-config
(Optional) Verify your modified timeout values.