IBM 12.1(22)EA6 User Manual

Page 137

6-21

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 6 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

To disable and remove the guest VLAN, use the no dot1x guest-vlan interface configuration command.
The port returns to the unauthorized state.

This example shows how to enable VLAN 9 as an IEEE 802.1x guest VLAN on a port:

Switch(config)# interface gigabitethernet0/17

Switch(config-if)# dot1x guest-vlan 9

You can enable optional guest VLAN behavior by using the dot1x guest-vlan supplicant global
configuration command. When enabled, the switch does not maintain the EAPOL packet history and
allows clients that fail authentication access to the guest VLAN, regardless of whether EAPOL packets
had been detected on the interface.

Beginning in privileged EXEC mode, follow these steps to enable the optional guest VLAN behavior
and to configure a guest VLAN. This procedure is optional.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface-id

Specify the interface to be configured, and enter interface configuration
mode. For the supported interface types, see the

“IEEE 802.1x

Configuration Guidelines” section on page 6-12

Step 3

switchport mode access

Set the port to access mode.

Step 4

dot1x port-control auto

Enable IEEE 802.1x authentication on the port.

Step 5

dot1x guest-vlan vlan-id

Specify an active VLAN as an IEEE 802.1x guest VLAN. The range is 1
to 4094.

You can configure any active VLAN except an RSPAN VLAN or a voice
VLAN as an IEEE 802.1x guest VLAN.

Step 6

end

Return to privileged EXEC mode.

Step 7

show dot1x interface interface-id

Verify your entries.

Step 8

copy running-config startup-config

(Optional) Save your entries in the configuration file.