IEEE 802.1X (Dot1x)

The IEEE 802.1X (dot1x) protocol provides port-based authentication, which can stop unauthorized devices from connecting to a network switch. It can provide both authentication and authorization services for network ports on a switch or wireless access point. It involves three roles: a supplicant (the device which is trying to connect to the network and which passes its credentials), an authenticator (the device which authorizes the device onto the network) and an authentication server (which checks the credentials and authorizes the device; typically this is a RADIUS server).
In the following, we set up AAA (Authentication, Authorization and Accounting) on the switch, and then define the IP address of the RADIUS authentication server (10.0.0.1 on port 1812). This authentication is then applied to the FA0/1 port, so that a user must provide their credentials to connect to the network:

    (config)# aaa new-model
    (config)# aaa accounting connection default start-stop group radius
    (config)# aaa accounting network default start-stop group radius
    (config)# aaa authentication dot1x default group radius local
    (config)# dot1x system-auth-control
    (config)# radius-server host 10.0.0.1 auth-port 1812 key test
    (config)# int fa0/1
    (config-if)# switchport mode access
    (config-if)# dot1x port-control auto
    (config-if)# dot1x re-authentication
    (config-if)# dot1x timeout reauth-period 180
    (config-if)# dot1x timeout tx-period 40
    (config-if)# dot1x timeout quiet-period 10
    (config-if)# dot1x max-req 3