When you have a Cisco router configured, you may make a mistake in setting it up.
#How to configuration cisco switch mac
MAC Authentication Bypass (MAB) permits the port to perform MAC authentication if the switch detects that the device is not 802.1x capable. This sets the port to access mode (untagged) with an untagged VLAN of 333 (the untrusted devices VLAN).Ĭisco-switch(config-if)# switchport mode accessĬisco-switch(config-if)# authentication order dot1x mabĬisco-switch(config-if)# authentication priority dot1x mabĬisco-switch(config-if)# authentication port-control autoĬisco-switch(config-if)# authentication periodicĬisco-switch(config-if)# authentication timer reauthenticate server Interface type and numbering will differ from model to model.Ĭisco-switch(config)# interface FastEthernet1/0/24Ĭisco-switch(config-if)# switchport access vlan 333 Use the following commands for port configuration:
Use Fa1/0/24, which is the 24th copper port on the Cisco 3750 switch.Ĥ. The following list of interfaces (ports) will be displayed:ģ. Determine the interface type and numbering conventions using the show interfaces description command. 192.0.2.10 refers to the Policy Manager Policy Manager server for the DHCP request in order for the device to be profiled.Ģ. Verify the RADIUS server settings and applicable VLANs router interfaces for the VLANs that have been set prior to configuring a port to perform the 802.1x and MAC authentication bypass (also known as MAC authentication fallback).ġ92.0.2.5 is the DHCP server and will vary based on the local configuration. Use best practices to create standardized naming conventions that describe VLAN purposes and locations (refer to Table 1).Ĭisco-switch(config-vlan)# name "Users and APs"Ĭisco-switch(config-vlan)# name "Untrusted Devices"Ĭisco-switch(config-vlan)# name "VoIP Phones"Ĭisco-switch(config-vlan)# name "Printers"Ĭisco-switch(config-vlan)# name "Security Network" Add an AAA server for dynamic authorization:Ĭisco-switch(config)# aaa server radius dynamic-authorĬisco-switch(config-locsvr-da-radius)# client 192.0.2.10 server-key aruba 123Ĭisco-switch(config-locsvr-da-radius)# port 3799Ĭisco-switch(config-locsvr-da-radius)# auth-type allĬisco-switch(config-locsvr-da-radius)# exitĩ. Use the following commands to set the switch to use RADIUS for AAA authentication and accounting:Ĭisco-switch(config)# aaa authentication dot1x default group radiusĬisco-switch(config)# aaa authorization network default group radiusĬisco-switch(config)# aaa accounting dot1x default start-stop group radiusĨ. Run the following command to enable 802.1x:Ĭisco-switch(config)# dot1x system-auth-controlħ. Add the Policy Manager server as the RADIUS server with the following commands:Ĭisco-switch(config)# radius-server host 192.0.2.10Ĭisco-switch(config-radius-server)# address ipv4 192.0.2.10Ĭisco-switch(config-radius-server)# key aruba123Ħ. Enable the new access control commands and functions to include advanced features using the following command:ĥ. The firewall is not blocking the switch-to- Policy Manager server communication.Ĥ.
The correct IP address for the default-gateway is set.ī. In the event an error is received, verify the following:Ī. Success rate is 100 percent(5/5), round-trip min/avg/max = 1/2/8 msģ. Verify that the Cisco switch can ping the Policy Manager server:
0 kommentar(er)
