In this final part of the series on preparing the Catalyst switch for ISE integration, we will examine the 802.1X commands that are most likely to be required in your lab exam. Remember that these commands rely on the 802.1X method lists that you configured in Part 1 of this series.
Here we go:
- dot1x system-auth-control – this global configuration command ensures that 802.1X is enabled for (potentially) all switch ports
- switchport mode access – configures the port as an access port
- switchport access vlan X – configures the data VLAN
- switchport voice vlan Y – configures the voice VLAN
- authentication host-mode multi-auth – permits a single authenticated phone in the voice domain, and allows an unlimited number of data devices to be authenticated in the data domain
- authentication periodic – enables re-authentication
- authentication order dot1x mab – specifies the order in which authentication should be attempted
- authentication port-control auto – enables port-based 802.1X authentication on the interface
- mab – enables MAC Authentication Bypass
- dot1x pae authenticator – configures the interface to act only as an authenticator, so it will not respond to any messages meant for a supplicant
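To practice checking your own work against this list, here is an added example (not from the original article or from Cisco) that scans configuration text and reports, per interface, which of the commands above are absent. The sample configuration, interface names and VLAN numbers are constructed placeholders, and the `audit` function name is hypothetical.

```python
import re
# Interface-level commands from the list above; VLAN numbers vary per port.
REQUIRED = [
    r"switchport mode access", r"switchport access vlan \d+", r"switchport voice vlan \d+",
    r"authentication host-mode multi-auth", r"authentication periodic",
    r"authentication order dot1x mab", r"authentication port-control auto",
    r"mab", r"dot1x pae authenticator",
]

# Constructed sample: interface names and VLAN IDs are placeholders.
SAMPLE = """\
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 authentication host-mode multi-auth
 authentication periodic
 authentication order dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
"""

def audit(config):
    """Return (global_enabled, {interface: [missing command patterns]})."""
    global_on, ports, current = False, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # command inside the interface block
        else:
            current = None  # "!" or a global command ends the interface block
            global_on = global_on or line.strip() == "dot1x system-auth-control"
    missing = {name: [p for p in REQUIRED if not any(re.fullmatch(p, c) for c in cmds)]
               for name, cmds in ports.items()}
    return global_on, missing

if __name__ == "__main__":
    enabled, report = audit(SAMPLE)
    print("dot1x system-auth-control:", "present" if enabled else "MISSING")
    for port, gaps in report.items():
        print(port, "->", "missing: " + ", ".join(gaps) if gaps else "OK")
```

IOS can leave commands that match a default out of `show running-config`, so treat a reported gap as something to verify rather than as proof the setting is absent.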
Thank you for joining me for this three-part series here on ajsnetworking.com. While these commands might have seemed overwhelming at first, I think the key is:
- Breaking them up into these three parts – AAA, RADIUS Server, 802.1X
- Practicing them over and over again
- Ensuring you understand the purpose of each command
Remember in the exam to check the requirements carefully. There are many other commands available in IOS, and they should be fairly easy to isolate based on the requirements of the lab exam task.
2 thoughts on “Switch Configuration for ISE Integration – Part 3 – 802.1X Config”
Thank you for this lesson.
It was my pleasure!