
IEEE 802.1X


Unit: 10 Lesson: 4

What if I just used a specific port and trusted everything plugged into it?

802.1X: Port-Based Network Access Control (NAC)

802.1X is a standard for encapsulating EAP communications over a LAN to implement port-based authentication. It basically lets identity providers use the authentication methods provided by EAP.

802.1X fits into the AAA architecture, so it works with protocols like RADIUS. In this case, the switch would be configured as a RADIUS client, holding the hostname or IP address of the RADIUS server and its shared secret.

RADIUS servers store account details and can validate authentication credentials; the switch (the authenticator) is responsible for relaying auth data between the supplicant device and the RADIUS server, with the shared secret protecting the switch-to-server exchange.

Configuration

  • en, conf t, int fa0/1 the usual stuff
  • dot1x pae authenticator Enable port-based (802.1X) authentication on this interface.
  • mac access-list extended ALLOWED_MACS Enter configuration mode (yes, that's a thing) for the allowed MAC addresses for this port. (ACL names can't contain spaces, hence the underscore.)
    • permit host [address|0000.1111.2222] any Tie the specified MAC address to the ACL, allowing that host to use the port.
    • exit Go back to interface configuration mode.
  • mac access-group ALLOWED_MACS in Start using the configured ACL on inbound traffic.
  • exit x99, copy run start Spam exit until you're back at privileged mode, then copy the running configuration to the startup configuration.
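To make the RADIUS-client and per-port settings described above concrete, here is an added switch configuration (constructed example, not from the original notes; IOS 15.x syntax, and the server name NPS-01, address 192.0.2.10 and shared key are placeholders) showing a port that trusts everything beside one that gates traffic on 802.1X:

```cisco
! Constructed example (not from the original notes): a Catalyst switch
! acting as the 802.1X authenticator and RADIUS client.
! NPS-01, 192.0.2.10 and the key below are placeholders.
aaa new-model
!
! RADIUS client settings: the server's address and the shared secret that
! protects the switch-to-server exchange (not the supplicant).
radius server NPS-01
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key CHANGE-ME-shared-secret
!
! Send 802.1X authentication requests to that RADIUS server.
aaa authentication dot1x default group radius
!
! Enable 802.1X globally; the per-port commands below do nothing without this.
dot1x system-auth-control
!
! Weak: an access port that trusts whatever is plugged into it.
! force-authorized is the default state of a port with no 802.1X configured.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 authentication port-control force-authorized
!
! Corrected: the same kind of port, but the switch drops everything except
! EAPOL until the RADIUS server accepts the supplicant's EAP credentials.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
!
end
```

After a client connects, `show authentication sessions interface FastEthernet0/1` shows whether the session reached the Authorized state and which RADIUS server authenticated it.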

#Netplus