The Cisco switch is set to prohibit unauthorized access to 802.1x (config) # aaa new-model 'to start AAA. (Config) # radius-server host 192.168.1.100 key netdigedu 'configure the address and key of the RADIUS server. (Config) # aaa authentication dot1x default group radius 'configure the 802.1x default authentication method as RADIUS.
(Config) # dot1x system-auth-control 'enable 802.1x authentication globally on the switch. (Config) # int fa0/24 www.2cto.com (config-if) # switchport mode access (config-if) # dot1x port-control auto' sets the 802.1x status of the interface. This command must be noted;
There are three statuses: force-authorized: the port is always in the authentication status and traffic is forwarded. This is the default status. Force-unauthorized: the port is always in the unauthenticated status and cannot forward traffic. Auto: the port switches between the authentication and unauthenticated status by using 802.1x to exchange messages with the client. This is what we need, so we must use auto after the dot1x port-control command. (Config-if) # dot1x host-mode multi-host 'when connecting multiple PCs under the switch port (through the Hub or switch), you need to configure this command. By default, only one PC can be authenticated. This article is from the fat shark network.