Users Guide
Security Commands 929
aaa authentication dot1x default
Use the aaa authentication dot1x default command in Global Configuration
mode to specify an authentication method for 802.1x clients to access
network resources. Use the no form of the command to return the
authentication method to its default settings.
Syntax
aaa authentication dot1x default {ias|none|radius}
no aaa authentication dot1x default
The following methods may be configured:
• ias—
Use the internal authentication server user database for authentication.
This method cannot be used in conjunction with any other method.
• none—Do not use
any authentication.
• radius—
Use the configured RADIUS server(s) for authentication.
Default Configuration
No default authentication method is defined, however, switch administrators
are allowed access to the switch console via 802.1X. Use the
dot1x user
command to restrict the ports over which users (or switch administrators)
may authenticate.
Command Mode
Global Configuration mode
User Guidelines
Only one default method may be configured. If the authentication method
fails, for example, the user-supplied password does not match, the user is
denied access.
For the RADIUS authentication method, if no RADIUS server can be
contacted, the supplicant fails authentication unless a critical voice or data
VLAN is configured.
The none method always allows access to the network and should therefore
be used with caution.