Users Guide
338 Authentication, Authorization, and Accounting
3
Configure ports 9 and 24 to be in the Authorized state, which allows the
devices to connect to these ports to access the switch services without
authentication.
console(config)#interface range Gi1/0/9,Gi1/0/24
console(config-if)#authentication port-control force-
authorized
console(config-if)#exit
4
Configure Port 7 to allow a single device with 802.1X or MAB. By default,
EAP-MD5 authentication is used.
console(config)#interface gi1/0/7
console(config-if-Gi1/0/7)#authentication host mode single-
host
console(config-if-Gi1/0/7)#authentication order mab dot1x
console(config-if-Gi1/0/7)#authentication port-control auto
console(config-if-Gi1/0/7)#mab
5
Configure the port in access mode. Access or general mode is required for
MAB.
console(config-if-Gi1/0/7)#switchport mode access
console(config-if-Gi1/0/7)#exit
6
Enable multi-domain host mode on port 8. This limits the number of
devices that can authenticate on that port to 2.
console(config)#interface gi1/0/8
console(config-if-Gi1/0/8)#authentication host-mode multi-
domain
console(config-if-Gi1/0/8)#authentication order dot1x
console(config-if-Gi1/0/8)#authentication port-control auto
console(config-if-Gi1/0/8)#switchport voice vlan 11
7
Configure the port in access mode.
console(config-if-Gi1/0/8)#switchport mode access
console(config-if-Gi1/0/8)#exit
console(config)#exit
8
View the client connection status.
When the clients on Ports 1, 3, and 7(supplicants), attempt to
communicate via the switch, the switch challenges the supplicants for
802.1X credentials. The switch encrypts the provided information and