Difference between revisions of "Netband Project - 802.1x"
From Teknologisk videncenter
(→Configuration) |
|||
Line 15: | Line 15: | ||
*The host must be authenticated before normal traffic will be allowed through the switchport | *The host must be authenticated before normal traffic will be allowed through the switchport | ||
*The host must be 802.1x compatible | *The host must be 802.1x compatible | ||
− | < | + | <source lang="cli">aaa new-model |
! | ! | ||
dot1x system-auth-control | dot1x system-auth-control |
Revision as of 11:50, 5 August 2009
802.1x
This page is part of the Netband Project
- provides accesscontrol at the switchport
- Consists of
- Auhtenticator
- The device that handles the authentication on behalf of the clients
- Supplicant(client)
- The clients conencting to the network
- Authentication server
- Radius server
- Auhtenticator
Configuration
- Allows only one host on a switchport
- The host must be authenticated before normal traffic will be allowed through the switchport
- The host must be 802.1x compatible
<source lang="cli">aaa new-model ! dot1x system-auth-control ! aaa authentication dot1x default group Hq_radius_server ! aaa group server radius Hq_radius_server
server 10.1.1.11 auth-port 1645 acct-port 1646
! radius-server key ciscodisco </pre>
- 12.2(46)SE and earlier
interface FastEthernet0/10 dot1x port-control auto dot1x host-mode single-host dot1x violation-mode protect
- 12.2(50)SE or later
interface FastEthernet0/10 authentication port-control auto authentication host-mode single-host authentication violation protect
External Links
802.1x 12.2(46)SE
802.1x 12.2(50)SE
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_eap.conf