8-9
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 8 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
To configure VLAN assignment you need to perform these tasks:
• Enable AAA authorization by using the network keyword to allow interface configuration from the
RADIUS server.
• Enable IEEE 802.1x. (The VLAN assignment feature is automatically enabled when you configure
IEEE 802.1x on an access port).
• Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS server must return
these attributes to the switch:
–
[64] Tunnel-Type = VLAN
–
[65] Tunnel-Medium-Type = 802
–
[81] Tunnel-Private-Group-ID = VLAN name or VLAN ID
Attribute[64] must contain the value VLAN (type 13). Attribute[65] must contain the value 802 (type
6). Attribute[81] specifies the VLAN name or VLAN ID assigned to the IEEE 802.1x-authenticated
user.
For examples of tunnel attributes, see the “Configuring the Switch to Use Vendor-Specific RADIUS
Attributes” section on page 7-29.
Configuring IEEE 802.1x Authentication
These sections contain this configuration information:
• Default IEEE 802.1x Configuration, page 8-10
• IEEE 802.1x Configuration Guidelines, page 8-11
• Configuring 802.1x Readiness Check, page 8-12(optional)
• Configuring IEEE 802.1x Authentication, page 8-13 (required)
• Configuring the Switch-to-RADIUS-Server Communication, page 8-15 (required)
• Configuring Periodic Re-Authentication, page 8-16 (optional)
• Manually Re-Authenticating a Client Connected to a Port, page 8-16 (optional)
• Changing the Quiet Period, page 8-17 (optional)
• Changing the Switch-to-Client Retransmission Time, page 8-17 (optional)
• Setting the Switch-to-Client Frame-Retransmission Number, page 8-18 (optional)
• Setting the Re-Authentication Number, page 8-18 (optional)
• Configuring the Host Mode, page 8-19 (optional)
• Resetting the IEEE 802.1x Configuration to the Default Values, page 8-20 (optional)
• Configuring IEEE 802.1x Accounting, page 8-20 (optional)
