Local Authentication for dot1x for devices with no radius server

paul_savage
Level 1

Hello All.

Would greatly appreciate any help....

We are looking at running 802.1x on the 2960 to authenticate and manage SNOM IP phones.


What we want to achieve is to be done on a Cisco switch with NO RADIUS server, but to use local authentication only.

If the switch has a phone connected to it, it will be allowed access to the network on VLAN 10, with the username/password credentials being sent from the SNOM phone.

If an authentication failure occurs, set the VLAN to VLAN 20 for data if users attach a PC to the port...

My port config as follows.

switchport access vlan 10
switchport mode access
authentication control-direction in
authentication event fail action authorize vlan 20


Switch is:

Switch#sh ver
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
System image file is "flash:c2960-lanbasek9-mz.122-53.SE2/c2960-lanbasek9-mz.122-53.SE2.bin"


Is there a way to do this? Any help would be greatly appreciated.

Any help would be great,

Paul

1 Reply

Jagdeep Gambhir
Level 10


Hi


You can authenticate users using a username and password with the following command.

aaa authentication dot1x default local

However, without a RADIUS server, you cannot achieve real network access control, such as VLAN assignment and per-user ACL.


Regards,

~JG


Do rate helpful posts