Local Authentication for dot1x for devices with no radius server

Unanswered Question
Jun 24th, 2010

Hello All.


Would greatly appreciate any help....


We are looking at running 802.1x on the 2960 to authenticate and manage SNOM IP phones.



What we want to achieve is to be done on the Cisco switch with NO RADIUS server, but to use local authentication only.


If the switch has a phone connected to it, it will be allowed access to the network on VLAN 10, with the username/password credentials being sent from the SNOM phone.


If an authentication failure occurs, set the VLAN to VLAN 20 for data if users attach a PC to the port...




My port config as follows.


switchport access vlan 10
switchport mode access
authentication control-direction in
authentication event fail action authorize vlan 20



Switch is:


Switch#sh ver
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
System image file is "flash:c2960-lanbasek9-mz.122-53.SE2/c2960-lanbasek9-mz.122-53.SE2.bin"



Is there a way to do this? Any help would be greatly appreciated.






Any help would be great,


Paul

Jagdeep Gambhir Thu, 06/24/2010 - 19:41


Hi


You can authenticate users using a username and password with the following command.


aaa authentication dot1x default local


However, without a RADIUS server, you cannot achieve real network access control, such as VLAN assignment and per-user ACL.


Regards,

~JG


Do rate helpful posts
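
An added example, not part of the original thread or written by either poster: a small Python audit that checks whether a switch config contains the commands 802.1X port enforcement depends on in this IOS 12.2(5x)SE syntax. The port lines are the ones from the question and the `aaa authentication` line is the one from the reply; the interface names and the rest of the sample config are constructed for illustration.

```python
import re

# Commands 802.1X enforcement depends on (IOS 12.2(50)SE and later syntax).
GLOBAL_REQUIRED = {
    "aaa new-model": r"^aaa new-model$",
    "aaa authentication dot1x default <method>": r"^aaa authentication dot1x default \S+",
    "dot1x system-auth-control": r"^dot1x system-auth-control$",
}
PORT_REQUIRED = {
    "switchport mode access": r"^switchport mode access$",
    "authentication port-control auto": r"^authentication port-control auto$",
    "dot1x pae authenticator": r"^dot1x pae authenticator$",
}

def parse(config):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif line.startswith(" ") and current:
            ports[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, ports

def missing(lines, required):
    return [name for name, pat in required.items()
            if not any(re.match(pat, l) for l in lines)]

def audit(config):
    """Return {scope: [missing commands]}; only ports that carry 802.1X lines are checked."""
    global_lines, ports = parse(config)
    report = {}
    if gaps := missing(global_lines, GLOBAL_REQUIRED):
        report["global"] = gaps
    for name, lines in ports.items():
        if any(l.startswith(("authentication ", "dot1x ")) for l in lines):
            if gaps := missing(lines, PORT_REQUIRED):
                report[name] = gaps
    return report

# Constructed sample: interface names are hypothetical.
SAMPLE = """aaa new-model
aaa authentication dot1x default local
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 authentication control-direction in
 authentication event fail action authorize vlan 20
!
interface FastEthernet0/2
 switchport mode access
"""
```

Run against the sample, `audit(SAMPLE)` reports the global and per-port commands that are absent; a port with `authentication event fail ...` but no `authentication port-control auto` is not enforcing 802.1X at all.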
