Foundation Summary

The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on the SNRS exam, a well-prepared candidate should at the minimum know all the details in each "Foundation Summary" before going to take the exam.

The following are the required steps to configure 802.1x port-based authentication on a Cisco Catalyst switch:

Step 1. Enable AAA. Use the aaa new-model global configuration to enable AAA.

Step 2. Configure AAA services. Use the aaa authentication global configuration command to define method lists that use RADIUS for authentication.

Step 3. Enable 802.1x globally on the switch using dot1x system-auth-control.

Step 4. Activate 802.1x port-based authentication on a specific port using the dot1x port-control auto interface mode command.

Step 5. Specify the RADIUS server host, UDP port, and shared secret text string using the radius-server host command.

You can use several optional parameters to tweak the 802.1x configuration. These parameters include configuring periodic re-authentication, manual re-authentication, changing the quiet period, changing the switch-to-client retransmission time, setting the switch-to-client frame-retransmission number, configuring the host mode, configuring a guest VLAN, resetting the 802.1x configuration to the default values, and debugging 802.1x configuration.

The following troubleshooting commands enable testing and verification of 802.1x port-based authentication:

• show dot1x interface

• show dot1x statistics interface


0 0

Post a comment