802.1x authentication using cisco switches

There are several ways for authenticate a switchport. This could be neccessary, if you want to make sure, the client is the client you want on the lan. Normaly you would say your environment is worth for trusting, but maybe you should be more suspicous on your neighbours. Don’t trust to easy. Well this is network security.

The 802.1x authentications is a client server based mechanism. So you need a device that can speak IEEE 802.1x-compliant Software so it can answer the authentication server requests.

The switch just acts like a proxy. There are several different way in combining the switch an the client for port and/or vlan authentication.
Here is the setup for a switch forwarding the clients request for authentication on a specific port.

aaa new-model
aaa authentication login default none
aaa authentication dot1x default group radius
!
dot1x system-auth-control
!
interface FastEthernet0/1
switchport mode access
dot1x port-control auto
!
interface FastEthernet0/2
switchport mode access
dot1x port-control auto
!
!
radius-server host 192.168.1.100
radius-server key PASSWORD

Source:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/sw8021x.htm

Leave a Reply