Dot1x Port-Based Authentication

This name refers to IEEE 802.1X, the standard upon which this feature is based.
A major difference between this feature and port-security is that both the host and the switchport must be configured for 802.1X, which carries EAPOL, the Extensible Authentication Protocol over LAN.

A typical dot1x port-based authentication deployment involves three parts:
1. The dot1x-enabled PC (the supplicant)
2. The dot1x-enabled switch (the authenticator)
3. A RADIUS server (the authentication server)

The PC has a single port connected to the switch, but dot1x logically divides that physical port into two ports: the controlled port and the uncontrolled port. These logical ports are created by dot1x itself, not configured by the administrator. What we need to configure is the supplicant for dot1x.

The controlled port cannot transmit data until authentication takes place. The uncontrolled port can transmit without authentication, but with big limitations: only EAPOL, STP, and CDP. Once the port is authenticated, all regular traffic can use it.

So, to start using dot1x, we will do the following:
1. Enable AAA with aaa new-model
2. Point the switch to our RADIUS server
3. Enable dot1x to use that RADIUS server for authentication

But the new question is this: what does AAA stand for?

What is the difference between TACACS+ and RADIUS?

So let's check the configuration:

First of all, these commands can vary between IOS versions and Cisco switch models.
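The three steps listed above, written out as an added example Cisco IOS configuration (not the post's own screenshots). It keeps the 20.20.20.20 RADIUS address from the post; the interface name, shared secret and local username are assumed placeholders. It also includes the local-database fallback the post tests later, the port-security combination mentioned at the end, and the commands to undo it all.

```cisco
! Added example, not the post's own configuration. 20.20.20.20 is the
! RADIUS address from the post; Fa0/1, the shared secret and the local
! username are assumed placeholders.
!
! Step 1: enable AAA
aaa new-model
!
! Step 2: point the switch at the RADIUS server (older syntax; newer IOS
! uses "radius server <name>" with "address ipv4 ..." and "key ...")
radius-server host 20.20.20.20 auth-port 1812 acct-port 1813 key RADIUS-SECRET-PLACEHOLDER
!
! Local fallback account, consulted only after RADIUS does not answer
username admin privilege 15 secret LOCAL-PASSWORD-PLACEHOLDER
!
! Step 3: dot1x authentication via RADIUS; device login via RADIUS with
! local fallback. The fallback is what caused the delay in the post: the
! switch waits for 20.20.20.20 to time out before trying local users.
aaa authentication dot1x default group radius
aaa authentication login default group radius local
dot1x system-auth-control
!
! Per-port: the switch is the authenticator; the controlled port stays
! unauthorized until the supplicant completes EAPOL/EAP
interface FastEthernet0/1
 switchport mode access
 dot1x pae authenticator
 authentication port-control auto
 ! (older IOS: "dot1x port-control auto" instead of the line above)
 ! Optional: port-security on the same port, one MAC once authenticated
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
!
! Verification
! show dot1x all
! show authentication sessions interface FastEthernet0/1
!
! Returning to the initial configuration
! interface FastEthernet0/1
!  no authentication port-control auto
!  no dot1x pae authenticator
!  no switchport port-security
! no dot1x system-auth-control
! no aaa authentication dot1x default
! no aaa authentication login default
! no aaa new-model
```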







Now we will try to do some authentication against a LOCAL database instead of a server.






Now, when we try to log in again, we exit and it keeps us waiting. We type the password ccnp. First it's going to try to reach 20.20.20.20 and it's going to fail. There was a big delay because it was trying to communicate with the RADIUS server, which we don't have.





And after that, the next thing was to look in the local database, and we finally could get connected.



If you want to go back to the initial configuration, use this:



In case you want to increase security, you can run port-security and dot1x authentication on the same port. That's a BIG Cisco security feature.


This lab was successful. If you liked it, please comment and like.

Dot1x Port-Based authentication. Reviewed by ohhhvictor on 10:47:00 AM. Rating: 5