Users Guide
286 Authentication, Authorization, and Accounting
5
Configure interface gi1/0/2 to use VLAN 3 in general mode. General mode
is required for MAC-based authentication.
console(config)#interface Gi1/0/2
console(config-if-Gi1/0/2)#switchport mode general
console(config-if-Gi1/0/2)#switchport general pvid 3
6
On the interface, configure the port to use MAC based authentication and
enable MAB. The authentication manager is configured to only use MAB
and the priority is set to MAB.
console(config-if-Gi1/0/2)#dot1x port-control mac-based
console(config-if-Gi1/0/2)#mab
console(config-if-Gi1/0/2)#authentication order mab
console(config-if-Gi1/0/2)#authentication priority mab
console(config-if-Gi1/0/2)#exit
If it is possible that an 802.1x aware client may be connected, it is advisable to
configure a re-authentication timer on the port using the dot1x timeout re-
authperiod command.
The following command shows the
802.1x configuration on the interface:
console(config-if-Gi1/0/1)#show dot1x interface gi1/0/2
Administrative Mode............... Enabled
Dynamic VLAN Creation Mode........ Disabled
VLAN Assignment Mode.............. Disabled
Monitor Mode...................... Disabled
Port Admin Mode Oper Mode Reauth Reauth
Control Period
--------- ------------------ ------------ -------- ----------
Gi1/0/2 mac-based Authorized FALSE 3600
Quiet Period................................... 60
Transmit Period................................ 30
Maximum Requests............................... 2
Max Users...................................... 64
Guest-vlan Timeout............................. 90
Server Timeout (secs).......................... 30
MAB mode (configured).......................... Enabled
MAB mode (operational)......................... Enabled
Logical Supplicant AuthPAE Backend VLAN Username
Filter
Port MAC-Address State State Id
Id