Configure 802.1x on switch C9200-48PXG-A

Electronic20
Spotlight

Hi Community,

Do you have a format for configuring 802.1x on the ports and on the C9200-48PXG-A switch?

Your kind support, please.

Accepted Solutions

DanielP211
VIP Alumni

Hello,

What are you trying to achieve? Are you looking for a template of dot1x configuration? To connect to RADIUS and configure a port, use the following config (this does not include config on the ISE/NAC server).

aaa group server radius 8021x-servers
 server name Server1
 server name Server2

aaa authentication dot1x default group 8021x-servers
aaa authorization network default group 8021x-servers
aaa accounting dot1x default start-stop group 8021x-servers

dot1x system-auth-control
dot1x critical eapol

interface GigabitEthernet1/0/1
 switchport mode access
 authentication control-direction in
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x max-reauth-req 3

radius server Server1
 address ipv4 XX.XX.XX.XX auth-port 1812 acct-port 1813
 key 0 PRE-shared-KEY

radius server Server2
 address ipv4 XX.XX.XX.XX auth-port 1812 acct-port 1813
 key 0 PRE-shared-KEY

BR

****Kindly rate all useful posts*****
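
One way to check that a template like the one above was applied to every access port, as an added example that is not part of the original post or any Cisco tooling. It assumes the input is `show running-config` text with sub-commands indented by a space; the sample config, the address 192.0.2.10 and the key value are constructed.

```python
import re

# Constructed sample running-config (not from a real device): Gi1/0/1 follows the
# thread's port template, Gi1/0/2 is an access port left without 802.1X.
SAMPLE_CONFIG = """\
dot1x system-auth-control
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/48
 switchport mode trunk
radius server Server1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 0 EXAMPLE-KEY
"""

# Per-port lines from the template that actually enforce authentication.
REQUIRED = ("authentication port-control auto", "dot1x pae authenticator")

def parse_sections(config):
    """Map each top-level command to the list of indented sub-commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and IOS "!" separators
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def audit_dot1x(config):
    """Return (section, finding) tuples for gaps in 802.1X enforcement."""
    sections = parse_sections(config)
    findings = []
    if "dot1x system-auth-control" not in sections:
        findings.append(("global", "dot1x system-auth-control is not enabled"))
    for name, body in sections.items():
        if name.startswith("interface ") and "switchport mode access" in body:
            findings += [(name, f"missing '{r}'") for r in REQUIRED if r not in body]
        # "key 0" or an untyped key is clear text; types 6 and 7 are not.
        if name.startswith("radius server ") and any(
                re.match(r"key (?![67] )", line) for line in body):
            findings.append((name, "RADIUS shared secret stored in clear text"))
    return findings
```

Calling `audit_dot1x(SAMPLE_CONFIG)` reports the unprotected access port and the clear-text key, and skips the trunk port.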

Hi, @DanielP211 

That's right, a template to configure the switch port to 802.1x for security.

I have a question, would that affect the accounts of the Network Administrators when they want to log in to Cisco switches?

The configuration for access to the switches is separate. You can use TACACS or RADIUS. In short, the dot1x port configuration won't affect the switch login.

And the configuration is the following:
aaa group server radius RADIUS_SER
 server name SERV1
 server name SERV2

aaa authentication login default group RADIUS_SER local-case
aaa authorization exec default group RADIUS_SER local if-authenticated

radius server SERV1
 address ipv4 XX.XX.XX.XX auth-port 1812 acct-port 1813
 key XXX

radius server SERV2
 address ipv4 XX.XX.XX.XX auth-port 1812 acct-port 1813
 key XXX

BR

****Kindly rate all useful posts*****

Hi @DanielP211 

Thank you.
What show command can I use to verify 802.1x?

For all sessions:
show authentication session

For specific interface:
show authentication session interface gigX/X/X

BR

****Kindly rate all useful posts*****

Hi @DanielP211 

Will you have the 802.1x configuration form in the ISE?

You have to configure it in ISE. I assume you already have it? Otherwise you have to configure quite a few things... There is no easy configuration to paste, so I will just point you to an implementation manual, and if you get stuck somewhere just ask.

You don't have to configure everything, but take a look at the following: Integrating ISE with Active Directory, Authoring Access Policies on ISE, Configuring Microsoft Windows and Apple OS X Devices for 802.1X...

https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515


BR

****Kindly rate all useful posts*****

Thanks for the information.