Cisco Support Community

Local Authentication for dot1x for devices with no radius server

Hello All.

Would greatly appreciate any help....

We are looking at running 802.1x on the 2960 to authenticate and manage SNOM IP phones.

What we want to achieve is to be done on the Cisco switch with NO RADIUS server, but to use local authentication only.

If the switch has a phone connected to it, it will be allowed access to the network on VLAN 10, with the username/password
credentials being sent from the SNOM phone.

If an authentication failure occurs, set the VLAN to VLAN 20 for data if users attach a PC to the port...

My port config is as follows.

switchport access vlan 10
switchport mode access
authentication control-direction in
authentication event fail action authorize vlan 20

Switch is:

Switch#sh ver
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
System image file is "flash:c2960-lanbasek9-mz.122-53.SE2/c2960-lanbasek9-mz.122-53.SE2.bin"

Is there a way to do this? Any help would be greatly appreciated.

Any help would be great,



Re: Local Authentication for dot1x for devices with no radius se


You can authenticate users using a username and password with the following command.

aaa authentication dot1x default local

However, without a RADIUS server, you cannot achieve real network access control, such as VLAN assignment and per-user ACLs.



Do rate helpful posts
