Options
dot1x authenticaiton question
sunderodium
Member Posts: 6 ■□□□□□□□□□
in CCNP
I don't have time to setup a radius server to test this, but is this the proper way to setup dot1x?????
Requirements
Single host
Radius
unauthenticated ports: Protect (Drop all traffic)
guest vlan 10
Config and output
<pre>
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.168.1.10 auth-port 1645 acct-port 1646
radius-server key 7 070C285F4D06
interface FastEthernet0/10
switchport mode access
dot1x port-control auto
dot1x violation-mode protect
dot1x guest-vlan 10
Switch5#show dot1x
Sysauthcontrol Enabled
Dot1x Protocol Version 2
Critical Recovery Delay 100
Critical EAPOL Disabled
Switch5#show dot1x interface f0/10 details
Dot1x Info for FastEthernet0/10
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
Violation Mode = PROTECT
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
Guest-Vlan = 10
Dot1x Authenticator Client List Empty
Port Status = UNAUTHORIZED
</pre>
Im taking the BCMSN test tommorrow, only studied for two weeks, i hope i get it.
Thanks in advance for the responses.
Requirements
Single host
Radius
unauthenticated ports: Protect (Drop all traffic)
guest vlan 10
Config and output
<pre>
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.168.1.10 auth-port 1645 acct-port 1646
radius-server key 7 070C285F4D06
interface FastEthernet0/10
switchport mode access
dot1x port-control auto
dot1x violation-mode protect
dot1x guest-vlan 10
Switch5#show dot1x
Sysauthcontrol Enabled
Dot1x Protocol Version 2
Critical Recovery Delay 100
Critical EAPOL Disabled
Switch5#show dot1x interface f0/10 details
Dot1x Info for FastEthernet0/10
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
Violation Mode = PROTECT
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
Guest-Vlan = 10
Dot1x Authenticator Client List Empty
Port Status = UNAUTHORIZED
</pre>
Im taking the BCMSN test tommorrow, only studied for two weeks, i hope i get it.
Thanks in advance for the responses.
CCNP Track
7/11/2009 BSCI
7/25/2009 BCMSN
7/11/2009 BSCI
7/25/2009 BCMSN