New Member

How can I configure a 802.1x in a switch 2960 with IOS 15.0.2?

Hi,

I'm trying to config a switch WS-C2960+24PC-L with IOS 15.0(2)SE5 and C2960-LANBASEK9-M to use 802.1x in my network but when I type the following commands the IOS doesn't recognize the interface commands and I can't complete the settings:

Router# configure terminal
Router(config)# dot1x system-auth-control
Router(config)# aaa new-model
Router(config)# aaa authentication dot1x default group radius
Router(config)# interface fastethernet2/1
Router(config-if)# switchport mode access
Switch(config-if)# authentication port-control auto (or dot1x port-control auto)
Switch(config-if)# authentication host-mode multihost 
Router(config-if)# dot1x pae authenticator
Router(config-if)# end

Source: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15-2mt/config-ieee-802x-pba.html#GUID-C11588CB-31B6-4CD9-9E74-CF2199FB1807

 

I've used the same commands on another switch with IOS 12.x and I don't have any problem completing the settings, so... does somebody know:

* Should I use other commands to activate this feature in this IOS?

* Do I need to use another IOS?

 

Thanks in advance,

 

5 REPLIES
Gold

The authentication manager commands in Cisco IOS Release 12.2(50)SE or later, the equivalent 802.1x commands in Cisco IOS Release 12.2(46)SE and earlier, and their description:

* authentication control-direction { both | in}
  Earlier equivalent: dot1x control-direction { both | in}
  Description: Enable 802.1x authentication with the wake-on-LAN (WoL) feature, and configure the port control as unidirectional or bidirectional.

* authentication event
  Earlier equivalents: dot1x auth-fail vlan; dot1x critical (interface configuration); dot1x guest-vlan
  Description: Enable the restricted VLAN on a port. Enable the inaccessible-authentication-bypass feature. Specify an active VLAN as an 802.1x guest VLAN.

* authentication fallback fallback-profile
  Earlier equivalent: dot1x fallback fallback-profile
  Description: Configure a port to use web authentication as a fallback method for clients that do not support 802.1x authentication.

* authentication host-mode [ multi-auth | multi-domain | multi-host | single-host]
  Earlier equivalent: dot1x host-mode { single-host | multi-host | multi-domain}
  Description: Allow a single host (client) or multiple hosts on an 802.1x-authorized port.

* authentication order
  Earlier equivalent: mab
  Description: Provides the flexibility to define the order of authentication methods to be used.

* authentication periodic
  Earlier equivalent: dot1x reauthentication
  Description: Enable periodic re-authentication of the client.

* authentication port-control { auto | force-authorized | force-unauthorized}
  Earlier equivalent: dot1x port-control { auto | force-authorized | force-unauthorized}
  Description: Enable manual control of the authorization state of the port.

* authentication timer
  Earlier equivalent: dot1x timeout
  Description: Set the 802.1x timers.

* authentication violation { protect | restrict | shutdown}
  Earlier equivalent: dot1x violation-mode { shutdown | restrict | protect}
  Description: Configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.

* show authentication
  Earlier equivalent: show dot1x
  Description: Display 802.1x statistics, administrative status, and operational status for the switch or for the specified port.

Authentication manager: compatibility with earlier 802.1x CLI commands

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_010000.html#concept_6275D339A9074AC0BB06F872D7A54FBB

 

New Member

Hi mohanak,

This command (new or old commands) doesn't appear in my IOS.

I type the following:

   test(config)#
   test(config)#aaa new-model
   test(config)#aaa group server radius RADIUS_ACCESS_CONTROL
   test(config-sg-radius)# server xxx.xx.xx.xx auth-port 1812 acct-port 1813
   test(config-sg-radius)# exit
   test(config)#aaa authentication dot1x default group RADIUS_ACCESS_CONTROL
   test(config)#aaa authorization network default group RADIUS_ACCESS_CONTROL
   test(config)#
   test(config)#dot1x system-auth-control
   test(config)#int fa0/1

 

But at this point, when I'm configuring the interfaces, the switch doesn't have the commands:

   test(config-if)#aut?
   auto  

   test(config-if)#dot?
   % Unrecognized command
   test(config-if)#d?
   dampening         default  delay  description
   down-when-looped  duplex   

   test(config-if)#

 

What am I doing wrong?

 

VIP Purple (accepted solution)

I assume that you forgot to paste in the following command:

switchport mode access

The "authentication ..." commands won't show up when the port is still in dynamic access/trunk mode. Only after you configure the port statically to be an access-port, these commands are available.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
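
The ordering described in the answer above can be checked before a configuration is pasted into a switch. This is an added example, not code from the thread or from Cisco: it assumes commands are written in full (no abbreviations such as "int fa0/1") with interface sub-commands indented by one space, and SAMPLE_PLAN, parse_interfaces and audit_dot1x are hypothetical names.

```python
# Constructed planned-config snippet (not from the thread). Fa0/1 is ordered
# correctly; Fa0/2 repeats the thread's mistake; Fa0/3 sets access mode too late.
SAMPLE_PLAN = """\
aaa new-model
aaa authentication dot1x default group RADIUS_ACCESS_CONTROL
dot1x system-auth-control
interface FastEthernet0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
interface FastEthernet0/2
 authentication port-control auto
 dot1x pae authenticator
interface FastEthernet0/3
 dot1x pae authenticator
 switchport mode access
"""

GLOBAL_PREREQS = ("aaa new-model", "aaa authentication dot1x",
                  "dot1x system-auth-control")
GATED = ("authentication ", "dot1x ")  # interface commands the thread found hidden


def parse_interfaces(plan):
    """Map each interface name to its indented sub-commands, in order."""
    interfaces, current = {}, None
    for line in plan.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def audit_dot1x(plan):
    """Return (scope, message) findings; an empty list means no gaps found."""
    top = [l for l in plan.splitlines() if l and not l.startswith(" ")]
    findings = [("global", f"missing '{p}'") for p in GLOBAL_PREREQS
                if not any(l.startswith(p) for l in top)]
    for name, cmds in parse_interfaces(plan).items():
        gated = [i for i, c in enumerate(cmds) if c.startswith(GATED)]
        if not gated:
            continue  # no 802.1X commands planned on this port
        if "switchport mode access" not in cmds:
            findings.append((name, "no 'switchport mode access'"))
        elif cmds.index("switchport mode access") > gated[0]:
            findings.append((name, "'switchport mode access' comes too late"))
    return findings
```

Calling audit_dot1x(SAMPLE_PLAN) reports FastEthernet0/2 and FastEthernet0/3 and leaves FastEthernet0/1 alone.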
New Member

No, I really forgot this command.

 

Thanks,

New Member

Thanks..this helped me too. :)
