Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

dot 1x port control question

dear all

quick question,

I plan to implement aaa dot 1x port control on my network. What will happen if I configure the ports to dot1x port control auto before I add the server, will they not work? what should I set them to if adding a server at a later date?

cheers

Carl

6 REPLIES
VIP Super Bronze

Re: dot 1x port control question

Carl,

This command just enables 802.1X authentication on the interface and  causes the port to transition to the authorized or unauthorized state  based on the 802.1X authentication exchange between the switch and the  client. You can add a server to the port or disable 1X and add a server. This command can not be configured on a trunk port.

here is the doc for more info:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/54sg/command/reference/ch2a_ins.html#wp1477520

HTH

New Member

dot 1x port control question

hi there

I mean what setting on the port will I need to to if I wish to add the aaa radius server at a later date ?

dot 1x port control question

I think that is force-authorize. It will stay open then no matter what.

Then, after you add the server commands, change it to auto

New Member

dot 1x port control question

Hi There

I have some practice questions on this and one of the words says

that the Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers.

so to me this would mean that I should use the command force authorized?? as if the servers arent there surely it wont authenticate without them when using the auto command?

what do you think about this ?

dot 1x port control question

Hi,

i was thinking that if there isn t a radius server to talk to yet, no auth packets can be sent, so no authentication can happen.

To force the port to stay open (cause no auth is possible yet) force auth is used.

But it could be i misunderstood your question? (dutch speaker here )

New Member

dot 1x port control question

can anyone help on this ?

440
Views
0
Helpful
6
Replies
CreatePlease to create content