Configuring 8021x in Cisco IOS

■ Configure 802.1x authentication.

■ Configure RADIUS communications.

■ Enable 802.1x globally.

■ Configure interface and enable 802.1x.

■ Verify 802.1x operation.

© 2007 Cisco Systems, Inc. All rights reserved. SNRS V2.0—2-21

The basic configuration of the Cisco Catalyst switch or Cisco Aironet wireless LAN access point remains constant within any IEEE 802.1x deployment regardless of the EAP method chosen for authentication. The EAP method is agreed upon by the client and authentication server, and the authenticator simply proxies the information between the two.

The switch, as the authenticator, controls the physical access to the network based on the authentication status of the client. The authenticator acts as an intermediary between the client and the authentication server, requesting identity information from the client, verifying that information with the authentication server and relaying a response to the client. The authenticator communicates with the client via EAPOL and with the authentication server via RADIUS.

The following steps are required to enable 802.1x on the switch:

Step 1

Enable AAA.

Step 2

Configure 802.1x authentication.

Step 3

(Optional) Configure 802.1x authorization

Step 4

Configure RADIUS communications.

Step 5

Enable 802.1x globally on the switch.

Step 6

Verify 802.1x operation

© 2007 Cisco Systems, Inc. Trust and Identity 2-101

0 0

Post a comment