802.1x implementation and single port testing

steve_zen · ‎08-01-2016

Hi,

I've been tasked with implementing security to stop unathorised devices using our LAN ports and am going to use 802.1x authentication with a Windows based NPS as the RADIUS server.

I've looked through some good documentation on implementing this from a CISCO side but one thing I'm not certain on is whether when I enable the AAA authentication and the other steps, at what point it will cause a connected device to require 802.1x authentaction?

What I want to do is enable 802.1x authencation to be required on a single port so that I can test a few scenario's with it before then applying it to all ports on the switch.

If anyone can tell me how to ensure I only apply it to specified ports that would be most appreciate.

thanks

Marvin Rhoads · ‎08-02-2016

None of the global commands affect individual ports at all.

Only when you apply the interface level commands do you start to require the end devices to authenticate on that specific interface.

nspasov · ‎08-19-2016

Marvin is absolutely correct here (as usual) :)

To add to what Marvin already said: You can have everything configured on the switch and port but as soon as you remove the command: authentication port-control auto dot1.x will not be running on that port

Thank you for rating helpful posts!

Marvin Rhoads · ‎08-19-2016

indeed - you are also correct.

Thanks, Neno.